The management and implementation of information security is critical to Treasury’s daily operations and fulfillment of its mission. Treasury’s Cyber Security program addresses the protection of both classified and unclassified systems throughout the Department. Our program implements the Federal Information Security Management Act of 2002 (FISMA), which provides the overall information security policy framework and sets cyber security requirements for systems throughout the Federal Government. For example, FISMA requires that agencies establish an information security program, annually test security controls, and provide security training. Each bureau operates and maintains an information security program consistent with Federal and Departmental requirements.
The Department’s central program focuses its work in the following areas:
Cyber Security Policy and Program Performance Measurement
Manages and coordinates the Departmental cyber security policy for sensitive (unclassified) systems throughout the Department, assuring these policies and requirements are updated to address today’s threat environment, and conducts program performance, progress monitoring, and analysis.
Cyber Security FISMA Performance and Technical Review
Provides assistance, conducts reviews, and tracks metrics to enhance security performance thereby strengthening the overall cyber security posture of the Department.
Vulnerability Analysis, Configuration and Planning
Analyzes current and emerging technologies and directs the Department’s strategies and plans to mitigate cybersecurity risks from configuration and other vulnerabilities.
Cyber Critical Infrastructure Protection
Implements cyber-related requirements of Homeland Security Presidential Directive No. 7, “Critical Infrastructure Identification, Prioritization, and Protection” focusing on the protection of Department-owned cyber assets.
Treasury Computer Security Incident Response Capability (TCSIRC)
Leads the TCSIRC; provides Department-wide policy for the operation of each bureau’s Computer Security Incident Response Center (CSIRC); facilitates incident reporting with external reporting entities; and conducts performance monitoring and analyses of CSIRCs within the Department.
National Security Systems
Manages and coordinates the Department-wide program to address the cyber security requirements of national security systems through the development of policy and program and technical security performance reviews.
Cyber Security Sub Council of the Treasury CIO Council
Serves as the formal means for gaining bureau input and advice as new policies are developed, enterprise-wide activities are considered, and performance measures are developed and implemented; provides a structured means for information-sharing among the bureaus.
Last Updated: April 3, 2008