Capitalizing on the President’s Management Agenda’s call to develop a pipeline of cybersecurity talent, the Chief Information Security Officers and Chief Information Officers councils have crafted a new volume of information that agencies can use to “upskill” and train cybersecurity professionals.
The CISO Handbook, released Tuesday, compiles core elements of the government’s approaches to cybersecurity and risk management, including the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity, into a compendium of institutional knowledge to train potential executives.
“The handbook will help CISOs embrace risk management practices like the NIST Cybersecurity Framework in the context of legislation, policy and federal guidance,” said Emery Csulak, CISO at the Centers for Medicare & Medicaid Services, in a statement. “Breaking the complex conversation of the CISO role and risk management into consumable pieces can only help the community succeed in bringing new talent onboard and meeting our mission needs.”
The PMA and resulting initiatives have placed a greater emphasis on recruiting professionals and reskilling some current employees into cybersecurity roles. The handbook aims to showcase the CISO role, the bird’s eye view of responsibilities down to the granular details of risk management in an agency’s cyber posture.
The handbook includes sections detailing the role of a CISO in an agency — including the reporting requirements — as well as plans and initiatives for navigating risk, resources for managing the workforce, contractor capabilities and governmentwide service offerings.
Agency leaders can also leverage an extensive collection of government policies, presidential directives, official guidance and publications compiled in the handbook’s appendices.
Given the ongoing developments in cybersecurity standards within the federal government, Cord Chase, senior adviser to the National Background Investigations Bureau, said the handbook’s potential as a living document of federal policy on the subject is invaluable.
“With frequent changes to policies, standards, executive orders, recommendations and new security entities being stood up, it is only appropriate that the CIO Council, in coordination with the CISO council, provide you with a handbook to clarify the cybersecurity standards,” he said in a statement. “This handbook is for federal cybersecurity professionals and CISOs, but it is valuable for other professionals as well.”
Both the CIO and CISO councils said they intend to distribute updates to the handbook as new policies and guidance are issued.