The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to its action plan for strengthening federal cybersecurity in fiscal years 2020 through 2021. The initiative was led by Matthew Travis, the deputy director of CISA.
The Department of Homeland Security (DHS) component said in the report that it seeks to prevent 75 percent of identified “critical and high configuration-based vulnerabilities” across federal agencies by Sept. 30, 2021.
CISA is also directing agencies to have “reliable” scores on the adaptive risk enumeration (AWARE) algorithm under the Continuous Diagnostics and Mitigation (CDM) program by the end of the fourth quarter of FY 2020.
Kevin Cox, program manager for the CDM effort, previously said at an industry event that the program’s AWARE assessment is meant to “quantify the aggregate number of opportunities for an adversary” and help agencies identify priorities for reducing their attack surface.
The updated action plan includes strategies such as increasing enterprise-wide risk posture awareness, providing tools and assistance for CDM compliance, managing malicious incidents and detecting malicious traffic for incident response.
CISA also cited evolving threat landscapes and limitations in cloud, network and encryption capabilities as challenges that agencies face in strengthening their security postures.
The agency has prevented 77 percent of known vulnerabilities through approaches like cyber hygiene scanning. However, the agency needs to focus on mitigating high value asset risks, according to the report.