The White House will focus agency efforts on improving the security of their information operations by implementing the Administration’s priority cybersecurity capabilities and developing performance based metrics to measure their success. The Administration’s priority cybersecurity capabilities are:
- Information Security Continuous Monitoring Mitigation (ISCM) – Provide ongoing observation, assessment, analysis, and diagnosis of an organization’s cybersecurity: posture, hygiene, and operational readiness.
- Identity, Credential, and Access Management (ICAM) – Implement a set of capabilities that ensure users must authenticate to information technology resources and have access to only those resources that are required for their job function.
- Anti-Phishing & malware defense – Implement technologies, processes and training that reduce the risk of malware introduced through email and malicious or compromised web sites.
While all Federal agencies are subject to the 2002 Federal Information Security Management Act (FISMA) requirements, The Department of Homeland Security, Department of Defense, Department of Commerce (National Institute of Standards and Technology), and General Services Administration play key leadership roles in developing metrics, standards, and governance processes related to the Cybersecurity CAP goal.