skip to Main Content
the face of a building

Quick Take: DHS is Implementing the President’s Cybersecurity Memorandum

Following up on the July 28, 2021 cybersecurity memorandum by the President, the Department of Homeland Security (DHS) announced this week the results of a review of resources and practices by DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST). This review led CISA and NIST to identify nine categories of cybersecurity practices and to use those categories as the preliminary basis of related cybersecurity performance controls.

The following are the nine identified categories and related high-level goals listed by the DHS, each of which has a familiar ring for all of us who have been involved over the years in implementing ITAR, DFARS, and NIST SP 800-171 controls and best practices:

  1. Risk Management and Cybersecurity Governance
  2. Architecture and Design
  3. Configuration and Change Management
  4. Physical Security
  5. System and Data Integrity, Availability, and Confidentiality
  6. Continuous Monitoring and Vulnerability Management
  7. Training and Awareness
  8. Incident Response and Recovery
  9. Supply Chain Risk Management

In its written announcement, DHS provided a brief explanation of the goals, rationale, and baseline objectives for each category.

Each of us involved in trade compliance or federal contracting, or providing support for those who are, should become very familiar with what the DHS has announced as it will no doubt form the basis for what is coming.

Click to rate this post!
[Total: 0 Average: 0]

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top