The Department of Homeland Security is seeking to enhance its approach to securing the federal government’s High Value Assets (HVAs) from cybersecurity threats.
DHS has worked for the past several years with federal agencies to identify, prioritize, and assess the cybersecurity needs of the federal government’s most critical information systems, or high value assets (HVAs). In 2016, agencies were directed to take specific actions to protect their most critical systems.
The new Binding Operational Directive (18-02) issued by DHS Secretary Kirstjen Nielsen introduces a more focused, integrated approach to addressing weaknesses across federal agency HVAs. It also facilitates collaboration across cybersecurity teams to drive timely remediation and manage risk.
DHS’s National Protection and Programs Directorate (NPPD) works with federal agencies to conduct security assessments and assist with remediation of identified vulnerabilities. These assessments help identify vulnerabilities and weaknesses that may allow an adversary to penetrate a system and access sensitive data.
DHS has identified roughly 200 high priority vulnerabilities through HVA assessments and worked with agencies to mitigate all critical findings. DHS also coordinated with the National Institute of Standards and Technology (NIST) to develop the HVA Control Overlay, a document designed to provide further technical guidance for federal agencies to secure HVAs.
While federal agencies have primary responsibility for their cybersecurity, DHS provides assessment services, technical assistance, and tools to help them manage their cyber risk.