Catch Michael Duffy discuss CISA’s cyber alignment strategy for federal operations

February 24, 2024

TLDR:

Michael Duffy, the associate director of the cybersecurity division at CISA, discusses the Federal Enterprise Operations Cyber Alignment Plan, which aims to enable federal agencies to share information on cyber incidents and develop a unified strategy. Duffy emphasizes the importance of alignment in addressing cybersecurity issues and highlights the known exploited vulnerabilities catalog, the federal zero trust managers community of practice, and the mobile app vetting service as key initiatives. The plan also includes a training program for zero trust managers to ensure a standardized approach to cyber challenges at the enterprise level.

In a recent interview, Michael Duffy, the associate director of the cybersecurity division at CISA, shared insights into the agency’s new Federal Enterprise Operations Cyber Alignment Plan. This plan is designed to facilitate collaboration among federal agencies in addressing cyber incidents and developing a unified cybersecurity strategy. Duffy emphasized the importance of alignment in addressing cybersecurity challenges and highlighted key initiatives within the plan.

One of the key components of the plan is the known exploited vulnerabilities catalog, which agencies can use to monitor potential risks. Duffy also discussed the federal zero trust managers community of practice, which aims to standardize approaches to cyber challenges at the enterprise level. Additionally, Duffy mentioned the progress made with the mobile app vetting service, which helps identify vulnerabilities and support risk-based decision-making.

The plan includes a training program for zero trust managers to ensure a consistent and comprehensive understanding of cyber challenges. With a standard baseline of understanding, zero trust managers can contribute effectively to discussions and decision-making processes at the enterprise level.
