- Last Friday, federal CIO Tony Scott released his new Cybersecurity Strategy and Implementation Plan and unveiled an updated Federal Information Security Modernization Act guidance, FCW reported.
- The plan defines a "major" cybersecurity breach and directs agencies to report such breaches to Congress within seven days.
- Scott called the plan a "comprehensive review" based on analysis of "[more than] 100 experts from across the government and private industry."
The plan builds on results from last summer's federal cybersecurity sprint, which found that 14 major civilian agencies surpassed Scott's goal of 75% for strong authentication, and several agencies hit 100% for privileged users alone. Ten agencies missed the mark.
"The team's review made clear that we must continue to double down on this Administration's broad strategy to enhance federal cybersecurity and fundamentally overhaul information security practices, policies, and governance," Scott wrote.
The new plan has five main objectives, including prioritized identification and protection of high-value assets and information and timely detection of and rapid response to cyber incidents.
The first milestone: all agencies must identify and report high-value assets by Nov. 13, 2015.