ISPG’s response to the new National Cybersecurity Strategy for 2023

What is the National Cybersecurity Strategy?

The Biden-Harris Administration released a National Cybersecurity Strategy in March 2023, which outlines their vision for a secure and resilient digital environment for the United States. As our world becomes more interconnected than ever before, it’s critical that US systems and structures support a robust culture of cybersecurity and privacy.  

The National Cybersecurity Strategy calls for two fundamental shifts in policy: 

Rebalancing the responsibility to defend cyberspace 

Too often, individuals, state and local governments, and small companies have to defend their organizations against cyber threats. The National Cybersecurity Strategy states that those who are best able to defend systems from malicious actors – the federal government and large private sector companies – should take the lead in the fight for a secure cyber future.

Realigning incentives to favor long-term investments 

Budget constraints, staffing issues, and a lack of subject matter knowledge often put organizations in the position of having to choose between temporary fixes and long-term solutions. The National Cybersecurity Strategy calls on the government and private industry to provide the resources, capabilities, and incentives necessary for organizations to choose the safety and stability of long-term solutions. Essentially, technology and security are priorities and should be funded accordingly. 

Additionally, the strategy defines five pillars that will guide the implementation of the strategy moving forward: 

Pillar One: Defend Critical Infrastructure

Pillar Two: Disrupt And Dismantle Threat Actors

Pillar Three: Shape Market Forces To Drive Security And Resilience

Pillar Four: Invest In A Resilient Future

Pillar Five: Forge International Partnerships To Pursue Shared Goals

You can read more about the strategic objectives that make up each pillar in the full National Cybersecurity Strategy document released by the White House. 

What steps is ISPG taking to respond? 

As the Information Security and Privacy Group (ISPG), we are uniquely placed to have a positive impact on the improvement of cybersecurity across the CMS enterprise. Some of our newest and most recently updated initiatives are below: 

Zero Trust

The Zero Trust (ZT) initiative was created to make government systems more resilient and defensible. As we continue to modernize our systems and practices, we are implementing Zero Trust and its strong authentication methods, network segmentation, threat prevention, and “least access” policies to benefit everyone. 

Training

With the adoption of our new Learning Management Software (LMS) and access to more training offerings than ever before, ISPG staff will have the latest cybersecurity information and tools directly at their fingertips. 

FedRAMP

The FedRAMP program demonstrates what’s possible when government and private industry connect to provide the latest in secure cloud-based tools. Look for more public/private partnerships in the future as the National Cybersecurity Strategy advances. 

CMS Cybersecurity Integration Center (CCIC)

The integration of federal Cybersecurity Centers is one of the objectives defined in Pillar One: Defend Critical Infrastructure. As the National Cybersecurity Strategy rolls out, the continuous monitoring and data integration efforts of the CCIC will come front and center at CMS. 

ARS 5.1 and NIST Risk Management Framework

As CMS continues to advance towards a compliance structure that’s rooted in continuous monitoring, efforts like the new ARS 5.1 and the enterprise-wide adoption of the NIST Risk Management Framework will help ISPG lead the way for cybersecurity and privacy for CMS FISMA systems.


ISPG Publisher Team