CISA issues guide to help federal agencies set cybersecurity priorities

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency released guidance to help federal government civilian agencies reduce their cybersecurity risks.

The Federal Civilian Executive Branch Operational Cybersecurity Alignment plan out Monday asks agencies to develop their cyber capabilities with a focus on asset management, vulnerability management, defensible architecture, supply chain resilience and incident detection and response. 

“The ultimate destination on this shared journey is more synchronized and robust cyber defenses, greater communication, and increased agility and resilience across the federal enterprise, resulting in a more cohesive government enterprise capable of defending itself against evolving cyber threats,” the document says.

The release is one of several papers the cyber agency has advanced in the wake of cyberattacks targeting the federal government in the 2020s. 

Government agencies are target-rich environments for cybercriminals because of the troves of information that are stored inside their internal databases. Agency staff are frequent targets of phishing emails that aim to siphon their login credentials, potentially granting hackers access to sensitive or even classified information.

Agencies across the federal ecosystem are accelerating improvements to their internal security posture as part of a maturity deadline in which they will have to implement zero trust architecture in their systems by Sept. 30. A tranche of major agencies have nearly met that deadline requiring them to build out and adopt the framework on their networks, federal CIO Clare Martorana said earlier this month.