The Cybersecurity and Infrastructure Security Agency (CISA) is launching a new program that will collect information to provide tailored technical assistance, services, and resources to critical infrastructure (CI) organizations and state, local, Tribal, and territorial (SLTT) governments.
CISA’s ReadySetCyber Initiative seeks to collect this information from U.S. CI and SLTT organizations on a voluntary and fully electronic basis so that each organization can be best supported in receiving tailored cybersecurity recommendations and services.
“The overarching goal of CISA’s ReadySetCyber Initiative is to help CI and SLTT organizations access information and services that are tailored to their specific cybersecurity needs,” the agency said in a questionnaire posted to the Federal Register on Aug. 10.
In addition, CISA expects this initiative to yield several additional benefits, including further adoption of CISA’s Cybersecurity Performance Goals (CPGs) as the default approach for assessing organizational progress, and to identify prioritized cybersecurity gaps.
CISA’s CPGs are a set of voluntary cybersecurity practices which aim to reduce the risk of cybersecurity threats to U.S. CI and SLTT organizations. CISA offers services and resources to aid CI and SLTT organizations in adopting the CPGs and seeks to make accessing appropriate services and resources as efficient as possible, especially for organizations whose cybersecurity programs operate at low levels of capability.
To measure adoption of the CPGs and assist CI and SLTT organizations in finding the most impactful services and resources for their cybersecurity programs, CISA is seeking to establish a voluntary information collection that uses respondents’ answers to tailor a recommended package of services and resources most applicable to their evaluated level of program capability.
Without collecting this information from the ReadySetCyber Initiative, CISA would be unable to tailor an appropriate suite of services, recommendations, and resources to assist the organization in protecting itself against cybersecurity threats, the agency said.
CISA will submit an information collection request on its new program to the Office of Management and Budget (OMB) for review and clearance. The agency is seeking comments from stakeholders by Oct. 10.
OMB is particularly interested in comments which:
- Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility;
- Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used;
- Enhance the quality, utility, and clarity of the information to be collected; and
- Minimize the burden of the collection of information on those who are to respond, including via the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology.
CISA’s new ReadySetCyber Initiative comes one week after the agency debuted its cyber plan for 2024-2026.
Through one of the document’s main goals – hardening the terrain – CISA pledged to provide actionable and usable guidance and direction that helps organizations prioritize the most effective security investments first and leverage scalable assessments to evaluate progress by organizations, critical infrastructure sectors, and the nation.