OMB Memo M-19-03 “Strengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program”

From: Office of Management and Budget

Purpose

This memorandum provides guidance on the enhancement ofthe High Value Asset (HV A) program operated by the Department of Homeland Security (DHS), in coordination with the Office of Management and Budget (0MB). It outlines expectations for the following areas:

  • Establishing Enterprise HVA Governance;
  • Improving the Designation ofHVAs;
  • Implementing Data-Driven HV A Prioritization;
  • Increasing the Trustworthiness1 ofHVAs; • Protecting Privacy and HVAs; and
  • Defining HVA Reporting, Assessment, and Remediation Requirements.

OMB Memorandum M-19-02 “Fiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements Purpose”

From: Office of Management and Budget

Purpose

This memorandum provides agencies with fiscal year (FY) 2019 reporting guidance and deadlines in accordance with the Federal Information Security Modernization Act of 2014 (FISMA). This memorandum also consolidates several govemment-wide reporting requirements into a single document to eliminate duplicative or burdensome processes in accordance with the requirements in Office of Management and Budget (OMB) Memorandum M-17-26, Reducing Burden for Federal Agencies by Rescinding and Modifying OMB Memoranda. Accordingly, OMB rescinds the following memoranda:

• M-l 8-02, Fiscal Year 201 7-2018 Guidance on Federal Information Security and Privacy Management Requirements

Presidential Memorandum on Developing a Sustainable Spectrum Strategy for America’s Future

From: The White House

Issued on:

MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

SUBJECT:        Developing a Sustainable Spectrum Strategy for America’s Future

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1.  Policy.  It is the policy of the United States to use radiofrequency spectrum (spectrum) as efficiently and effectively as possible to help meet our economic, national security, science, safety, and other Federal mission goals now and in the future.  To best achieve this policy, the Nation requires a balanced, forward-looking, flexible, and sustainable approach to spectrum management.

National Cyber Strategy of the United States of America

Editor’s Note: The National Cyber Strategy (September 2018) is available here (pdf 1.4 MB) Below is a brief excerpt.

The Way Forward

New threats and a new era of strategic competition
demand a new cyber strategy that responds
to new realities, reduces vulnerabilities, deters
adversaries, and safeguards opportunities for
the American people to thrive. Securing cyberspace
is fundamental to our strategy and requires
technical advancements and administrative
efficiency across the Federal Government and
the private sector. The Administration also
recognizes that a purely technocratic approach
to cyberspace is insufficient to address the
nature of the new problems we confront. The
United States must also have policy choices
to impose costs if it hopes to deter malicious
cyber actors and prevent further escalation.

Federal Cloud Computing Strategy [Draft for Public Comment]

From: Cloud.CIO.gov

This is a draft strategy open for public feedback. You may provide feedback in three ways:1. Content suggestions and discussions are welcome via GitHub “issues.” Each issue is a conversation initiated by a member of the public. We encourage you to browse and join in on discussions in existing issues, or start a new conversation by opening a new issue.

2. Direct changes and line edits to the content may be submitted through a “pull request” by clicking “Edit this page” on any site page in the repository.. You do not need to install any software to suggest a change. You can use GitHub’s in-browser editor to edit files and submit a pull request for your changes to be merged into the document. Directions on how to submit a pull request can be found on GitHub. Open pull requests for the proposed guidance can be found in the site repository on GitHub

Executive Order Enhancing the Effectiveness of Agency Chief Information Officers

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

OMB Memorandum M-17-25: Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

From: OMB Memorandum M-17-25

Overview and Purpose

On May 11, 2017, the President signed the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which outlines a number of actions to enhance cybersecurity across Federal agencies and critical infrastructure partners. Section 1 of the Executive Order reinforces the Federal Information Security Modernization Act of 2014 (FISMA) by holding agency heads accountable for managing the cybersecurity risks to their enterprises. This Memorandum provides implementing guidance on actions required in Section 1 of the Executive Order.

OMB Memorandum M-18-12: Implementation of the Modernizing Government Technology Act

From: OMB Memorandum M-18-12

MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES

FROM: Mick Mulvaney, Director

SUBJECT: Implementation of the Modernizing Government Technology Act

The Modernizing Government Technology (MGT) Act is a key component of this Administration’s continued efforts to improve Federal technology by providing financial resources and technical expertise to agencies. The MGT Act will allow agencies to invest in modem technology solutions to improve service delivery to the public, secure sensitive systems and data, and save taxpayer dollars. This memorandum sets forth Administration objectives and necessary actions agencies should take in order to implement the MGT Act.

Keep It Concrete, Ad Groups Urge FTC

From: Lexology

Richard P. Lawson | Manatt Phelps & Phillips LLP

Vulnerabilities Equities Policy and Process for the United States Government [Charter]

Editor’s Note: The explanatory White House Blog post about the VEP is available here.

From: The White House

1. Purpose

This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public’s interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes.