Schmidt explained in a blog that the purpose of selecting three priority areas is to focus the federal government’s efforts on implementing the most cost-effective cybersecurity controls for federal information system security.
“Federal departments and agencies must defend their information systems in a resource-constrained environment, balancing system security and survivability while meeting numerous operational requirements requires robust risk management”, Schmidt wrote.
In the area of trusted internet connections, the federal government intends to consolidate external network connections and ensure there is a set of baseline security capabilities for situation awareness and enhanced monitoring.
For continuous monitoring, the federal governments wants to transform the static security control assessment and authorization process into a dynamic risk mitigation program. As part of that effort, the US government is deploying Einstein 3, which is a network intrusion detection and prevention system. Einstein 1 and 2 focused on intrusion detection, while Einstein 3 will also prevent intrusions.
For strong authentication, the government is deploying federal smartcard credentials that provide multifactor authentication and digital signature and encryption capabilities.
To implement these priorities, Schmidt said he is leading a cross-agency priority (CAP) cybersecurity goal, one of a limited number of CAP goals for both crosscutting policy and government-wide management areas, as required under the Government Performance and Results Modernization Act of 2010.
These priorities are also integrated in the Fiscal Year 2011 Federal Information Security Management Act (FISMA) report and FY 2012 FISMA metrics, Schmidt related.