Search CSRC

The Comprehensive National Cybersecurity Initiative (March 2010) was originally described in Homeland Security Presidential Directive/HSPD-23 (January 8, 2008). The CNCI is a driver for cybersecurity education and supply chain risk management.

OMB Memo M-16-04, Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government (October 30, 2015), resulted from a comprehensive review in 2015 of the Federal Government's cybersecurity policies, procedures, and practices by the Cybersecurity Sprint Team. Its intent was to identify and address critical cybersecurity gaps and emerging priorities, and make specific recommendations to address those gaps and priorities. The five objectives of CSIP are: Prioritized Identification and Protection of high value information and assets; Timely Detection of and Rapid...

The Cyberspace Policy Review (May 2009) served as a driver for both the National Strategy for Trusted Identities in Cyberspace (NSTIC) and the National Initiative for Cybersecurity Education (NICE).  

Improving Critical Infrastructure Cybersecurity (February 12, 2013) initiated development of the Cybersecurity Framework (CSF).

Creating a National Strategic Computing Initiative (July 29, 2015)

Commission on Enhancing National Cybersecurity (February 9, 2016)

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (May 11, 2017)

Federal Cybersecurity Research and Development Strategic Plan (February 5, 2016)

Critical Infrastructure Identification, Prioritization, and Protection (December 17, 2003).

Policy for a Common Identification Standard for Federal Employees and Contractors (August 27, 2004) initiated the development effort for FIPS 201 and other publications and testing related to Personal Identity Verification (PIV).

Office of Management and Budget (OMB) Circular A-11, Preparation, Submission, and Execution of the Budget (updated annually)

Office of Management and Budget (OMB) Circular A-130, Managing Information as a Strategic Resource (July 28, 2016).

Vulnerabilities are "weaknesses in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source." [SP 800-37 Rev. 2, Appendix B]