Official website of the Department of Homeland Security

Cybersecurity Assurance

The Federal Network Resilience (FNR) Cybersecurity Assurance (CA) branch employs a collaborative approach with the Federal Civilian Executive Branch to measure, monitor, and validate cross-government initiatives and to assess cyber risks.

Mission

CA assesses the state of operational readiness and cybersecurity risk of unclassified federal networks and systems. CA proactively engages with departments and agencies to improve their cybersecurity posture by assessing capabilities, identifying vulnerabilities, evaluating risks, and providing prioritized guidance that optimizes the remediation activities needed to close capability gaps, limit exposure, reduce exploitation, and increase the speed and effectiveness of cyber attack responses.

CA seeks to provide services which promote a healthy, secure and resilient IT infrastructure across the federal enterprise’s computer networks and systems; measure the implementation of mandatory cybersecurity capabilities; and provide an enterprise view of the federal government’s cybersecurity posture.

Benefits to the Federal Government

CA benefits the federal government by providing cost savings and cross-government consistency through centralization of information system security services. CA services and activities include:

  • promotion of awareness of agency compliance with cybersecurity responsibilities;
  • collection of objective data that validates previous, and supports ongoing, improvements by the agency;
  • establishment of an enterprise view of the federal government’s cybersecurity posture, thus enabling policy-makers to develop sound cybersecurity policy and risk mitigation strategies;
  • increase of confidence that agencies are complying with published cybersecurity requirements; and
  • reduction of government spending on cybersecurity by leveraging our resources in engagements across Federal Civilian Executive Branch agencies, thus maximizing the return on investment in those resources by DHS and eliminating the need for similar investments by agencies.

Benefits to Individual Agencies:

CA benefits individual agencies by:

  • satisfying agency requirements stemming from FISMA, Office of Management and Budget memos, and the Comprehensive National Cybersecurity Initiative;
  • identifying capability gaps that help agencies recognize opportunities for improvement and assist agencies with prioritization of remediation activities and justification of budget requests;
  • evaluating the overall effectiveness of an agency’s security program;
  • clearly articulating and quantifying agency risk;
  • providing access to expertise and resources that are not readily available, at no cost to the agency; and
  • providing third-party risk assessments at no cost to the agency to assist with FISMA compliance.

CA Sections:

CA capabilities and services are provided through two functional areas.

 

Operational Assurance Section

The Operational Assurance Section (OAS) works in coordination with agencies to conduct proactive blue-team assessments that validate their technical capabilities (tools and technologies) and operational readiness (people, processes, and security program maturity).

Cybersecurity Capability Validations (CCV) assessments are conducted collaboratively with an agency to assess and validate its implementation of cybersecurity capabilities required by federal laws, policies, and initiatives.

For additional information, please contact Martin Stanley, Branch Chief, Cybersecurity Assurance Branch, Federal Network Resilience, or fns.cap_info@hq.dhs.gov.

Last Published Date: June 24, 2014