STRATEGIC IMPLEMENTATION PLAN
FOR THE NATIONAL STRATEGY FOR INFORMATION SHARING AND SAFEGUARDING
December 2013
Priority Objective 5: Safeguarding
Implement safeguarding capabilities to support information sharing.[1]
Steward
Senior Information Sharing and Safeguarding Steering Committee (SISS SC), partnering with the Federal CIO Council
Problem Statement
Cybersecurity presents one of the most serious national security, public safety, and economic challenges the nation faces. Challenges associated with technology, organizations, people, and performance require creative solutions to address emerging and increasingly sophisticated threats, and new vulnerabilities.
Desired Outcome
Establish and implement processes, procedures, and standards that improve information safeguarding and raise confidence among information sharing partners. Align departments’ and agencies’ oversight across all security domains; implement the improved governance and reporting processes and procedures by the end of 2015.
Approach
In 2013 and 2014, the SISS SC, the Federal CIO Council, and the ISA IPC develop safeguarding efforts across all Federal Government classification security domains. 2013 and 2014 have different priorities for classified and unclassified domains. The way forward will include a joint set of priorities for both classified and unclassified domains, which will be jointly established by the Federal CIO Council and the SISS SC.
| MILESTONES | Q1-Q2 FY14 | Q3-Q4 FY14 | FY15 | FY16-18 |
|---|---|---|---|---|
| Continue implementing capabilities specified on Classified (SC goals) and Unclassified networks (CAP goals). | All ISE agencies | All ISE agencies | All ISE agencies | |
| Create an action plan for consolidated information safeguarding reporting. | SISS SC |
| MILESTONES | Q1-Q2 FY14 | Q3-Q4 FY14 | FY15 | FY16-18 |
|---|---|---|---|---|
| Convene a Joint FY15 Working Group (J15 WG) to determine the combined FY15 safeguarding priorities. | J15 WG | |||
| Develop new progress tracking criteria for sharing and safeguarding of classified information and systems aligned with SISSSC priorities and goals. | PM-ISE, DoD, NSA, IC CIO, ONCIX, and FBI | |||
| Develop a set of metrics for assessing the J15 implementation. | J15 WG | |||
| Develop consolidated plan for safeguarding implementation and oversight. | SISS SC | |||
| Annually baseline information security practice assessments. | OMB | OMB | OMB | OMB |
| MILESTONES | Q1-Q2 FY14 | Q3-Q4 FY14 | FY15 | FY16-18 |
|---|---|---|---|---|
| Conduct quarterly assessments on progress of classified information sharing and safeguarding initiatives. | SISS SC | SISS SC | SISS SC | SISS SC |
| Report progress on all EO 13587 information sharing and safeguarding activities. | SISS SC | SISS SC | SISS SC |
Go to the next section: Priority Objective 6: Interoperability
[1] Priorities for safeguarding have evolved since the issuance of the NSISS. Planning described in the document aligns with current priorities defined by the SISS SC and Federal CIO Council. NSISS Priority Objective 5 reads: “Implement removable media policies, processes and controls; establish programs, processes and techniques to deter, detect and disrupt insider threats; provide timely audit capabilities of assets, vulnerabilities, and threats; and share the management of risks, to enhance unclassified and classified information safeguarding efforts.”
[2] Information Security Oversight Office (ISOO), National Archives and Records Administration (NARA) is included as a participant in all planning associated with safeguarding unclassified information across Executive Branch departments and agencies.