OMB Director Mick Mulvaney said Monday the memo outlines actions across six areas such as the establishment of enterprise HVA governance, implementation of data-driven HVA prioritization and privacy protection.
To set up an enterprise HVA governance, agencies are advised to designate an agency-level team to facilitate the integration of HVA assessment, incident response and other activities into broader agency planning efforts for data system security and privacy management.
The document calls for agencies to establish HVA data sharing agreements with DHS, OMB and other agencies to advance cross-agency cooperation.
Agencies should adopt a DHS-developed methodology to prioritize their HVAs and related activities and submit feedback to the department to improve the use of the process.
OMB recommends that agencies implement systems security engineering concepts and ensure the privacy and security requirements for HVAs to increase the trustworthiness of such assets.
Federal agencies should provide DHS with HVA assessment results and integrate requirements into their future and existing service-level agreements and contracts that seek to ensure the implement of HVA reviews for federal data systems, according to the document.
Â