In coordination with this release, the DHS is publishing the FY 2015 Chief Information Officer (CIO) Annual Federal Information Security Management Act (FISMA) Metrics and Updated U.S. Computer Emergency Readiness Team (US-CERT) Incident Notification Guidelines.
- The FISMA Metrics are the result of a yearlong inter-agency process to improve the quality of the metrics. Ultimately, these metrics are more than just a compliance exercise – they will get us closer to determining whether our processes are actually making us safer.
- The US-CERT Incident Notification Guidelines streamline the way agencies report cybersecurity incident information to US-CERT, while improving US-CERT’s ability to quickly respond to emerging cybersecurity threats.
These substantial improvements should not distract from the important work that lies ahead. Evolving cybersecurity incidents underscore why agencies must remain ever vigilant to combat emerging threats. As such, OMB, in coordination with the NSC staff and DHS, will continue to prioritize implementation of the FY 2015 Cybersecurity Cross Agency Priority (CAP) Goals and the DHS Continuous Diagnostics and Mitigation (CDM) program. The FY 2015 CAP Goals, which can be found on www.performance.gov, will continue to emphasize the implementation of basic cyber hygiene practices. Additionally, once fully implemented, the DHS CDM program (initiated by M-14-03: Enhancing the Security of Federal Information and Information Systems) will allow agencies to continuously monitor their networks and respond to risk indicators in near real-time. Ensuring the security of information on the Federal government’s networks and systems will remain a core focus of the Administration as we move forward aggressively to implement new protections and respond quickly to new challenges as they arise.”