From OMB: Cross Agency Priority Goal: Cybersecurity — FY2013 Q2 Status Update

Editor’s Note: OMB’s update report on agency progress in meeting the White House’s Cross Agency Priority (CAP) Goal for Cybersecurity is available here. Below is an excerpt:

FY2013 Q2 Summary
  • The overall Cyber CAP score increased by 5.41% from FY13 Q1 to FY13 Q2 as the implementation of each priority cybersecurity capability realized gains.
    • The overall Continuous Monitoring score increased 5.16% as more detailed configuration management information was captured.
    • TIC 2.0 Capabilities increased 3.14% and TIC Consolidation increased 0.39% as agencies continued to migrate to the TIC 2.0 architecture.
    • Strong Authentication increased 13.49% even as agencies reported 2 million more user access paths to the network.


Continuous Monitoring

  • Twenty agencies have reached the minimum target of 80% for Automated Asset Management and eleven have reached or exceeded the goal of 95%. Government-wide, the Automated Asset Management score rose 2.16% and now stands at 90.53%.
  • Automated Vulnerability Management increased 2.09% as State, SSA, and USDA made improvements of 30% or better.
  • Automated Configuration Management rose 11.24% as agencies reported on assets with baselines defined by the NIST National Vulnerability Database.
  • Agencies deemed on average that 78% of assets were applicable to Configuration Management while ten agencies reported on all assets for Configuration Management.

Strong Authentication

  • In FY13 Q2 an additional 800,000 unprivileged and 20,000 privileged users, as well as 1,140,000 more remote access users were reported than in FY13 Q1. The vast majority of these additional users came from the personnel fluctuations of DOD. Since DOD has historically implemented PIV well, this was the main driver in the surge of the USG PIV score.
  • Without DOD, the USG PIV implementation score for the other 23 CFO agencies would have risen 2.72%, but the CAP Goal of 75% moves back two full years.
  • One-third (8) of the agencies are still at 0% for PIV implementation and another one-quarter (6) are at 5% or less.
  • DOD and EDU are the only agencies reporting at or above the FY2013 goal of 75%.
  • HHS is reporting above the FY13 FISMA minimum of 50% and GSA is approaching that target. DOI and USDA made significant progress and DOJ and HHS made considerable advances as well.
  • Remote access numbers are fluctuating as some agencies are finding their way with the new remote access factor.
  • GSA decreased due to a misunderstanding of account-based remote access.


Trusted Internet Connection (TIC)

  • Eighteen of the 23 CFO agencies (DOD is exempt from this reporting) achieved the minimum FY 13 FISMA target of 80% consolidation with 16 reaching the CAP goal of 95%. GSA made significant gains to reach the minimum.
  • DOE, HHS, and VA are below the TIC Consolidation minimum and DHS and DOC have slipped back below as well. VA has latency-sensitive issues with medical centers and universities, DOC is using a new assessment methodology for compliance, and DHS had a recent discovery of previously unknown connections.
  • Of the 16 TICAPs, Treasury and DOJ have reached the FY13 FISMA minimum target of 95% for TIC 2.0 Capabilities.
  • The seeking service agencies using an MTIPS vendor (DOL, GSA, EPA, NRC, NSF, SBA and USAID) scored at 100% for TIC Capability unless they reported otherwise.
