High Value Asset Program Management Office


The Federal High Value Asset (HVA) Program Management Office (PMO) plans, prioritizes, and coordinates delivery of CISA-led cybersecurity services to Federal agencies with the goal to assess the enterprise risk posture across the Federal HVA enterprise.

HVA PMO Services

The Federal HVA PMO plans, prioritizes, and delivers CISA-led Cyber Security services to Federal agencies, to assess enterprise risks’ impact across the Federal HVA enterprise. These assessments enhance the Cyber Security of the Federal HVA Enterprise across the Federal government.

The HVA Program’s Cyber Security service portfolio includes, but is not limited to:

  • Security Architecture Review (SAR): a collaborative evaluation of an agency’s HVA Cyber Security posture, inclusive of the HVA and its underlying components.
  • Risk and Vulnerability Assessment (RVA): a collaborative effort to assess the accessibility and Cyber Security posture of the HVA and its surrounding infrastructure.
    Other assessments in the service portfolio may be available on an as-needed basis to include:
  • Federal Incident Response Evaluation (FIRE) with Security Operations Center (SOC) Module
  • Vulnerability Scanning Assessment (Cyber Hygiene Scans)
  • Red Team Assessment (RTA)
    Below is a summary table of available HVA assessments and requirements for tiered systems.
     

HVA

Assessment*

Applicability

Tier 1 Minimum Requirements

(Pending) Tier 2* Minimum Requirements

(Pending) Tier 3* Minimum Requirements

Security Architecture Review (SAR)

Each HVA

CISA-Led once every 3 Years

3rd Party/Independent Assessor once every 3 Years

Self-Assessment once every 3 Years

Risk and Vulnerability Assessment (RVA)

Each HVA

CISA-Led once every 3 Years

3rd Party/Independent Assessor once every 3 Years

Self-Assessment once every 3 Years

 

* DHSCISA may expand this service portfolio to include additional services aimed at improving the cybersecurity posture of the Federal HVA Enterprise.

 

Contact us at  HVAPMO@cisa.dhs.gov

Was this document helpful?  Yes  |  Somewhat  |  No