FDA's Cybersecurity Modernization Action Plan – FDA.gov




The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
By: Vid Desai, Chief Information Officer and Craig Taylor, Chief Information Security Officer
The U.S. Food and Drug Administration is critical to protecting and promoting public health. The products the FDA regulates are in every supermarket, pharmacy, and home across the U.S. Cybersecurity touches every facet of the FDA’s broad, complex responsibility. It’s one of our agency’s top priorities, and we take it seriously, particularly given today’s increased cybersecurity risks. During the pandemic, the FDA experienced a 457% increase in reconnaissance activities, denial of service, attempted exploitation, and other cyber incidents against IT infrastructure, that includes nearly 9.5 billion firewall and intrusion detection blocks on a monthly basis. 
The FDA must enhance current cybersecurity defenses to address the ever-evolving threat landscape and protect the vital data supporting our regulatory decision-making. To achieve these new capabilities, the FDA is advancing an agency-wide approach to cybersecurity modernization under the direction of the Office of Digital Transformation, Office of Information Security (OIS). OIS provides near real-time cybersecurity capabilities and risk management methodologies to protect sensitive data and information systems and with a vision to provide a best-in-class, intelligence-driven cybersecurity program to enable the FDA’s public health mission. 
Today we are introducing the Cybersecurity Modernization Action Plan (CMAP), the next phase of the FDA’s enterprise digital approach. Our digital transformation journey began in 2019, with the Technology Modernization Action Plan (TMAP), Data Modernization Action Plan (DMAP) in 2021, and Enterprise Modernization Action Plan (EMAP) this year. 
To achieve our goals, the FDA is coupling advances in IT, data, and business process levels with improved cybersecurity capabilities. The CMAP outlines the measures we will take to modernize our security and cyber defenses and implement “Zero Trust.” Zero Trust is a strategy or an approach that ensures that the right people have the right access to the right resources at the right time. 
OIS will work across the agency and in alignment with the TMAP, DMAP, EMAP, in implementing the FDA’s Cybersecurity Strategic Plan 2022-2025. The CMAP also aligns with the recent Presidential Executive Order 14028 Improving the Nation’s Cybersecurity and the Office of Management and Budget OMB M-22-09 Moving the U.S. Government Toward Zero Trust Cybersecurity Principals
The key CMAP objectives are to: 
As the cyber threat landscape evolves globally, threat actors present ever-changing challenges. The FDA will modernize our cyber defenses and will continue to develop our workforce to meet current and future cybersecurity needs. Our workforce activities will focus on adopting new processes and technologies to create a skilled workforce that leverages state-of-the-art technologies and advances processes to address the challenges of a rapidly changing threat environment.
As a “mission first, people always” organization, the FDA actively invests in cybersecurity talent acquisition and development as outlined in Presidential Executive Order 13870 America’s Cybersecurity Workforce. These efforts prioritize the skillsets needed to meet our next-generation cyber needs and modernization objectives.
This cybersecurity modernization plan will serve as our roadmap to effectively transition to a Zero Trust model that will enhance and underpin the security and success of our ongoing IT, data, and business process modernization. This transformation builds on the fundamental cybersecurity concepts and technologies with the goal to attain an optimal maturity level by upgrading, modernizing, and enhancing our security and cyber defenses to address evolving cyber threats, vulnerabilities, and risks to the FDA’s IT infrastructure and sensitive data in direct support of FDA’s mission to protect and promote U.S. public health. 
 

Subscribe to receive FDA Voices email notifications.

source


CyberTelugu

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top

Adblock Detected

Please consider supporting us by disabling your ad blocker

Refresh Page