Skip to main content
  • Click to open or close the program search boxShow Me Programs
    • Show me the programs that are
      performing Go
    • Show me the programs that are
High Risk Issue


View Detailed Plan

Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructure

Problem: Federal agencies have not complied consistently with the Federal Information Security Management Act (FISMA) overall requirement to develop, document, and implement agency-wide information security programs.

Goal: Develop a long-range plan to reduce risk and improve the effectiveness and efficiency of government and critical infrastructure information systems security programs through the consistent implementation of security controls and improved performance measurement.


  • Increase compliance with the Federal Information Security Management Act and other guidance

    • Information Systems Security Line of Business -- Provides leadership and direction for improving effectiveness and consistency of information systems security across the federal government
  • Support and promote the development and implementation of risk-based, cost-effective measures for protecting cyber infrastructure

    • Information Technology Sector-Specific Plan -- Provides a framework for identifying and managing risk, enhancing information sharing, identifying existing and future protective programs, structuring research and development priorities, and tracking progress
    • a) Cyber Exercise Program -- Improves the Nation's cyber security and response posture by creating, sponsoring, executing, and participating in cyber exercises at the national/international government level, as well as at the state, regional, local, and sector-level. b) Cyber exercises and workshops are designed to enhance collective cyber security readiness, protection, and incident response capabilities.
    • United States Computer Emergency Readiness Team - Promotes and coordinates the cybersecurity of the Federal IT infrastructure to help secure and defend the nation from cyber events, incidents, intrusions and attacks.
  • Provide a foundation for addressing challenges to securing information systems that support CIKR

    • National Infrastructure Protection Plan -- Provides a coordinated approach for establishing national priorities, goals, and requirements for critical infrastructure and key resource (CIKR) protection and sets forth a comprehensive framework for managing risk to the physical, cyber, and human elements of CIKR
    • Cross Sector Cyber Security -- Provides cyber guidance and methodologies to sectors to assist them in mitigating cyber risk (especially cyber infrastructure vulnerabilities), developing effective protective measures and information sharing mechanisms, and ensuring CIKR protection efforts address cyber security Control Systems Security --Identifies cyber security vulnerabilities, develops vulnerability mitigation recommendations and strategies, develops and delivers guidance and training, and coordinates government and industry activities to reduce the risk to CIKR control systems
    • Cyber Exercise Program -- Provides the necessary environment to exercise the processes, procedures, and relationships that are created as part of the CIKR sector partnership framework
The content on is developed by the U.S. Office of Management and Budget and Federal agencies.