The Federal High Value Asset (HVA) Program Management Office (PMO) plans, prioritizes, and coordinates delivery of CISA-led cybersecurity services to Federal agencies with the goal to assess the enterprise risk posture across the Federal HVA enterprise.
HVA PMO Services
The Federal HVA PMO plans, prioritizes, and delivers CISA-led Cyber Security services to Federal agencies, to assess enterprise risks’ impact across the Federal HVA enterprise. These assessments enhance the Cyber Security of the Federal HVA Enterprise across the Federal government.
The HVA Program’s Cyber Security service portfolio includes, but is not limited to:
- Security Architecture Review (SAR): a collaborative evaluation of an agency’s HVA Cyber Security posture, inclusive of the HVA and its underlying components.
- Risk and Vulnerability Assessment (RVA): a collaborative effort to assess the accessibility and Cyber Security posture of the HVA and its surrounding infrastructure.
Other assessments in the service portfolio may be available on an as-needed basis to include:
- Federal Incident Response Evaluation (FIRE) with Security Operations Center (SOC) Module
- Vulnerability Scanning Assessment (Cyber Hygiene Scans)
- Red Team Assessment (RTA)
Below is a summary table of available HVA assessments and requirements for tiered systems.
HVA Assessment* |
Applicability |
Tier 1 Minimum Requirements |
(Pending) Tier 2* Minimum Requirements |
(Pending) Tier 3* Minimum Requirements |
Security Architecture Review (SAR) |
Each HVA |
CISA-Led once every 3 Years |
3rd Party/Independent Assessor once every 3 Years |
Self-Assessment once every 3 Years |
Risk and Vulnerability Assessment (RVA) |
Each HVA |
CISA-Led once every 3 Years |
3rd Party/Independent Assessor once every 3 Years |
Self-Assessment once every 3 Years |
* DHSCISA may expand this service portfolio to include additional services aimed at improving the cybersecurity posture of the Federal HVA Enterprise.
Contact us at HVAPMO@cisa.dhs.gov