Text H R 3359 115th Congress 2017- : Cybersecurity And Infrastructure Security Agency Act Of 2018
To assess the progress of CISA's efforts, GAO analyzed agency documentation to determine the status of activities related to the three phases of the organizational transformation and reasons for any delays in its progress. GAO also assessed CISA's efforts against selected key practices identified by GAO that can contribute to the effectiveness of agency reform efforts. In addition, GAO interviewed selected stakeholders related to CISA's primary mission areas to identify any pertinent challenges and analyzed strategies CISA developed to address these challenges.
US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world. Agency performs enterprise-level cybersecurity for individuals at the highest risk of cyberattacks because of their job, employer, or industry. Our subscription includes advanced software, 24/7 monitoring and response, and reimbursement with our Agency Cyber Guarantee.
Once the agency has provided documentation of its actions, we plan to verify whether implementation has occurred. This includes the methods by which CISA, in both its National Coordinator and SRMA roles, and other SRMAs, communicate with critical infrastructure stakeholders to ensure that appropriate parties are included in distribution lists or other communication channels. Once CISA has provided documentation of these actions, we plan to verify whether implementation has occurred. Threats to the nation's critical infrastructures and the information technology systems that support them require a concerted effort among federal agencies; state, local, tribal, and territorial governments; and the private sector to ensure their security. The seriousness of the threat was reinforced by the December 2020 discovery of a cyberattack that has had widespread impact on government agencies, critical infrastructures, and private-sector companies.
CISA concurred with this recommendation and in September 2021 described actions planned and under way to implement it. Specifically, the agency stated that it is developing a draft workplan and timeline to identify metrics and establish an outcome-oriented performance measurement approach. Once complete, CISA stated that this plan will, among other things, gauge the agency's efforts to meet the identified goals of the organizational transformation. CISA plans to complete its effort to identify outcome-oriented performance measures by March 31, 2022.
" National cyber director.-The National Cyber Director shall support prioritization and cross-agency coordination for the pilot program, including ensuring appropriate participation by participating agencies and the identification and prioritization of key private sector entities and initiatives for the pilot program. It focuses on transit, passenger rail, trucking, over-the-road buses, school buses, freight rail and pipeline modes of transportation. FTA provides financial support for some grant recipients’ cybersecurity activities and supports the U.S. Department of Homeland Security in promoting enhanced security for transit agencies. Additionally, as a condition of federal assistance, under 49 U.S.C. 5323, rail transit operators must certify that they have a process to develop, maintain, and execute a plan for identifying and reducing cybersecurity risks.
" Secretary of homeland security.-The Secretary shall exercise primary responsibility for the pilot program under subsection , including organizing and directing authorized activities with participating Federal Government organizations and internet ecosystem companies to achieve the objectives of the pilot program. The voluntary NIST Cybersecurity Framework provides standards, guidelines and best practices to manage cybersecurity risk. It focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The American people’s confidence in the value of their vote is principally reliant on the security and resilience of the infrastructure that makes the Nation’s elections possible. Accordingly, an electoral process that is both secure and resilient is a vital national interest and one of the Department of Homeland Security’s highest priorities. The Department’s Cybersecurity and Infrastructure Security Agency is committed to working collaboratively with those on the front lines of elections—state and local governments, election officials, federal partners, and vendors—to manage risks to the Nation’s election infrastructure.
The National Protection and Programs Directorate was formed in 2007 as a component of the United States Department of Homeland Security. NPPD's goal was to advance the Department's national security mission by reducing and eliminating threats to U.S. critical physical and cyber infrastructure. Agency is the first cybersecurity company that stands behind its protection with over $1M of coverage for real life cyber incidents backed by two major insurance carriers.
" assist State governments and Tribal organizations in developing cybersecurity plans. Relating to providing education, training, and capacity development to Federal and non-Federal entities. Analysts under this subsection may include analysts from the private sector. The national and economic security of the United States depends on the reliable functioning of critical infrastructure.
Workforce planning is especially important for CISA, given the criticality of hiring and retaining experts who, among other things, can help identify and respond to complex attacks. CISA did conduct an initial assessment of its cybersecurity workforce in 2019; however, it is still working on analyzing capability gaps and determining how to best fill those gaps. Finally, CISA did not address the practice of ensuring that its employee performance management system was aligned with its new organizational structure and transformation goals. Until it fully addresses workforce planning and the five other practices that are either partially or not addressed, CISA’s ability to leverage its organizational changes to effectively carry out its mission will be hindered. To implement the requirements of the Cybersecurity and Infrastructure Security Agency Act of 2018, CISA leadership within the Department of Homeland Security launched an organizational transformation initiative.
Further, the agency stated that it plans to further refine its measurement approach, including estimates of cost savings generated by the reorganization. Once the agency provides documentation of its actions, we plan to verify that implementation has occurred. To do this, GAO reviewed relevant information on CISA's efforts to develop an organizational transformation initiative to meet the requirements of the CISA Act of 2018.