Leadership and Organization
Federal Network Resilience (FNR) Director John Streufert and Deputy Director Danny Toler manage four branches (within the Office of Cybersecurity and Communications) that address critical cybersecurity requirements.
- Requirements and Acquisition Support (RAS) supports the long-term strategic prevention of attacks against Federal Civilian Executive Branch (FCEB) networks.
- Network and Infrastructure Security (NIS) optimizes an agency’s network services into a common solution for the federal government.
- Cybersecurity Assurance (CA) assesses the state of operational readiness and cybersecurity risk across FCEB.
- Cybersecurity Performance Management (CPM) provides oversight and operational support for the FCEB departments and agencies in their compliance with the Federal Information Security Management Act (FISMA).
FNR also collaborates across the federal government to enhance the nation’s cybersecurity posture by:
- identifying common requirements across the federal government,
- collaborating with components of the federal enterprise to identify solutions,
- implementing policy and technical solutions, and
- monitoring the effectiveness of implemented solutions.
The FNR division operates under the following authorities:
- Federal Information Security Management Act (FISMA) of 2002 (PDF, 16 pages - 62.5 KB)
- Homeland Security Presidential Directive 23, Cybersecurity Policy (Classified)
- OMB Memorandum M-10-28, Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security (DHS) (PDF, 2 pages - 38.6 KB)
- OMB Memorandum M-08-05, Implementing the Trusted Internet Connections Initiative (TIC) (PDF, 1 page - 28.7 KB)
- OMB Memorandum M-08-23, Securing the Federal Government’s Domain Name System Infrastructure (PDF, 3 pages - 77.3 KB)
- OMB Memorandum M-08-27, Guidance for Trusted Internet Connection (TIC) Compliance (PDF, 2 pages - 47.4 KB)
- National Strategy to Secure Cyberspace, February 2003 (PDF, 76 pages - 551 KB)
- Implementing the Information Systems Security Line of Business, December 2006
- OMB Designation Memorandum, dated June 7, 2006
- E-Government Act of 2002 (PDF, 72 pages - 217 KB)
- HSPD-7, Critical Infrastructure Identification, Prioritization and Protection, December 2003
- Homeland Security Act of 2002, Public Law 107-296 (HSA2002)
- OMB Memorandum M-10-15, FY 2010 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (PDF, 27 pages - 274 KB)
FNR is focused on a variety of initiatives that improve the long-term security posture of the federal government:
- The Chief Information Security Officers (CISO) Advisory Council provides a trusted platform whereby federal CISOs can collaboratively address cybersecurity issues and challenges and share solutions and successes in their respective enterprises.
- The Continuous Diagnostics and Mitigation (CDM) program provides tools and services that enable Federal and other government IT networks to strengthen the security posture of their cyber networks.
- Federal Information Security Memoranda (FISM) are DHS-issued memoranda that inform federal departments and agencies of their responsibilities, required actions, and effective dates to achieve federal information security policies.
- Federal Information Security Management Act (FISMA) outlines DHS responsibilities for providing guidance and operational support to federal agencies in securing federal systems and ensuring information security performance.
- FISMA Reporting Service Offerings provides FISMA Reporting Shared Service Centers (SSCs) so agencies can improve security reporting using automated, efficient channels.
- Managed Trusted Internet Protocol Services (MTIPS) provides managed security services for agency compliance with the Trusted Internet Connection (TIC) mandate to reduce and consolidate agencies’ connections to the Internet.
- Risk Management Framework Service Offerings facilitates agencies’ use of Shared Service Centers to implement Risk Management Framework solutions, which reduce costs of completing authorization and accreditation using legacy systems.
- Security Awareness and Training provides common suites of information systems security training products and services for the federal government.
- Situational Awareness and Incident Response (SAIR) provides local, tribal, state, and federal governments with quick access to Blanket Purchase Agreements to procure products and services that address gaps in configuration management, network mapping/path discovery, and vulnerability management.
- Trusted Internet Connections (TIC), Comprehensive National Cybersecurity Initiative (CNCI) 1, optimizes and standardizes the security of individual external network connections used by the federal government. It improves the government’s overall security posture by reducing and consolidating the number of external network connections through the use of approved TIC access points.
- Cybersecurity Compliance Validations (CCV) provide federal agencies with onsite assessments to measure compliance with federal cyber mandates including FISMA, TIC, and DNSSEC.
FNR partners with the public and private sector to build cohesion and enhance the security, resiliency, and reliability of the nation's cyber and communications infrastructure. FNR partners include:
- Office of Management and Budget (OMB)
- General Services Administration (GSA)
- Department of Defense (DOD)
- Chief Information Officers Council (CIOC)
- Information Security and Identity Management Committee (ISIMC)
- National Institute of Standards and Technology
The Department of Homeland Security works collaboratively with agencies to build upon the metrics established in previous fiscal years and incorporates updates to ease FISMA reporting. Current year FISMA documents can be found at: http://www.dhs.gov/federal-information-security-management-act-fisma