Cybersecurity

DHS issues new directive to protect high-value assets

cybersecurity

The Department of Homeland Security announced May 25 that it has issued a new Binding Operational Directive designed to further protect high-value assets in the federal government from cyber attacks.

Under the new directive, 18-02, federal agencies must submit to DHS an updated and prioritized list of their own high-value assets within 30 days of the order’s issuance, dated May 7. They must also identify a point of contact within the agency responsible for coordinating with DHS.

Additionally, a select number of agencies designated by the Office of Management and Budget must authorize DHS to conduct deeper assessments around risks and vulnerability and remediate any critical weaknesses identified within 30 days of notification.

“With the issuance of BOD 18-02, DHS introduces a more focused, integrated approach to addressing weaknesses across federal agency [high-value assets], facilitates ongoing collaboration across cybersecurity teams to drive timely remediation, and ensures senior executive involvement to manage risk across an agency enterprise,” wrote Jeanette Manfra, Assistant Secretary for Cybersecurity and Communications in a note accompanying the directive’s release.

The new BOD will supersede a similar directive issued in 2016.

“Based on operational insights and lessons learned, DHS is enhancing its approach to conducting these engagements to provide agencies with improved results and findings by expanding system scope, refining assessment methodologies, and using less-constrained penetration testing approaches to resemble tactics, techniques, and procedures used by advanced threat actors attempting to gain unauthorized access,” the directive read.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.