The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance aimed at helping federal civilian agencies mitigate their cybersecurity risks.

The Federal Civilian Executive Branch Operational Cybersecurity Alignment plan encourages agencies to enhance their cyber capabilities by concentrating on asset management, vulnerability management, defensible architecture, supply chain resilience, and incident detection and response.

“Agencies vary widely in how effective they are at managing cyber risk, which means there is no cohesive or consistent baseline security posture across all FCEB agencies. These diverse approaches were not designed to collectively address the dynamic nature of our current cyber threat environment, the complexity of our digital ecosystem, and the pace of technology modernization. As a result, despite concerted efforts to adapt and protect against cyberattacks, the FCEB remains vulnerable,” the document reads.

CISA created this plan in collaboration with FCEB agencies to establish standard, essential components of enterprise operational cybersecurity and to align collective defense capabilities across the federal landscape.

The FCEB Operational Cybersecurity Alignment (FOCAL) Plan is not meant to serve as a comprehensive checklist for agencies or CISA. Instead, it aims to direct resources toward actions that significantly enhance operational cybersecurity and achieve alignment objectives.