One of the key strategies of the President’s Management Agenda is to Modernize IT to Improve Productivity and Security. A central theme of IT Modernization is to improve the skills, leadership abilities, and pipeline of talent in the federal government to fight against the nation’s increasing cybersecurity threats, according to a CIO Council release.
Ensuring security in government technology operations from beginning to end is critical to modernization efforts and essential to securely deliver reliable, effective, efficient services to citizens.
To this end, the Chief Information Security Officers (CISO) Council issued the “CISO Handbook” – a searchable compilation of fundamental information and actionable templates and processes – to provide a “one-stop shop” for new and upcoming information security professionals to begin their journey toward becoming cybersecurity executives.
The CIO Council said, “the Handbook is a foundational document that will help agency leadership drive transformational workforce changes in a standardized, repeatable manner and create greater collaboration and coordination across agencies to address systemic cybersecurity challenges.”
The CISO Handbook was created to educate and inform new and existing CISOs about their role in federal cybersecurity management. It provides resources to help CISOs prudently apply risk management principles to help federal agencies meet mission objectives, and makes CISOs aware of laws, policies, tools, and initiatives that can assist them as they develop or improve cybersecurity programs for their organizations, the CIO Council said.
Commenting on the Handbook’s benefit to the cyber community, Cord Chase, CISO at the Office of Personnel Management, said, “With frequent changes to policies, standards, executive orders, recommendations, and new security entities being stood up, it is only appropriate that the CIO council, in coordination with the CISO council, provide you with a handbook to clarify the cyber security standards. This handbook is for federal cyber security professionals and CISOs, but it is valuable for other professionals as well.”
According to the CIO Council release, the five takeaways from the handbook are:
- Overview of the CISO role (page 7) and key government-wide organizations (page 11).
- CISO Reference Sections with high-level information about important cybersecurity documents:
  - Federal risk management publications (page 31)
  - Government-wide policy documents (page 50)
- Information on the Framework for Improving Critical Infrastructure Cybersecurity, also known as the NIST Cybersecurity Framework or the CSF, and how it can be leveraged in conjunction with other NIST risk management publications.
- Resources and links for workforce, contracting and other government-wide services with which CISOs should be familiar.
- Most useful in day-to-day operations are the extensive, searchable appendices that consolidate key statutory language, policy templates, government-wide services and other previously disparate resources.
The comprehensive and searchable appendices represent the most complete collection of policies and templates pertaining to federal cybersecurity ever published in one place, according to the release. “The appendices include a chronological list of Presidential directives, OMB memos, NIST guidance, and other government-wide publications complete with innovative infographics and links to PDFs. The appendices also provide a breakdown of responsibilities assigned by the Federal Information Security Modernization Act of 2014 (FISMA) and a list of government-wide services and acquisition vehicles.” These documents are intended for cybersecurity professionals as helpful templates that can assist them in effectively implementing and managing major cybersecurity initiatives and changes.
The CIO and CISO Councils will update the CISO Handbook as major policies or guidance are issued.
Go to CIO.gov to download the CISO Handbook -- https://www.cio.gov/assets/files/ciso_handbook.pdf.