Federal Cybersecurity Progress Report

As stated in President Biden’s Executive Order on Improving the Nation’s Cybersecurity (EO 14028), “the United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” EO 14028 and subsequent Administration actions are prioritizing Federal agency investments in cybersecurity defenses, including migrating to a zero trust architecture. With these actions, the Federal Government seeks to rapidly shift to a new cybersecurity paradigm and dramatically reduce the risk of successful cyber attacks against our digital infrastructure.

Each fiscal year, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency develop cybersecurity metrics – known as Federal Information Security Modernization Act (FISMA) metrics – to be used in oversight of agencies’ information security policies and practices.

These metrics set forth a maturity baseline for cybersecurity to enable more informed, risk-based decisions and to achieve observable security outcomes. The cybersecurity scores below, which are derived from those FISMA metrics, represent the Federal Government’s progress in achieving EO 14028 milestones and implementing key cybersecurity measures.

OMB is committed to working with agencies to strengthen and modernize their information technology systems to bolster their cybersecurity posture and improve the defense and resilience of the networks they manage on behalf of the American people. Federal agencies are making tangible security gains, but large-scale change as envisioned in EO 14028 requires continued investment, collaboration, and cultural change.