FY2024 FOCAL Plan: What you need to know

Discover how the FY2024 FOCAL Plan strengthens federal cyber security through asset management, vulnerability mitigation, and incident response.

Tal Morgenstern | September 26, 2024

The FY2024 FOCAL Plan, conceived by the Federal Civilian Executive Branch (FCEB), is designed to enhance cyber security across federal agencies by promoting standardized best practices and reducing the fragmentation that has long characterized federal cyber security efforts.  

The FCEB, composed of over 100 agencies with distinct missions and networks, faces the ongoing challenge of securing its assets while maintaining effective operations. To address these issues, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced this initiative to focus on operational cyber security alignment across the federal enterprise.

Here’s the breakdown: 

TL;DR

The FY2024 FOCAL Plan, led by CISA, is designed to standardize and enhance cyber security across federal agencies. It focuses on aligning efforts and providing tactical steps for asset management, vulnerability reduction, defensible architecture, supply chain risk management, and incident detection and response.

The plan’s goal is to close gaps between agencies and build a more unified, resilient defense against evolving cyber threats. Success hinges on agencies adopting key practices like Zero Trust frameworks, enhanced SOC capabilities, and proactive supply chain risk management.

Understanding the FOCAL Plan

The FOCAL Plan serves two core purposes: 

  • Strategic alignment: It aligns cyber security efforts across federal agencies to foster a cohesive approach to mitigating risks. 
  • Tactical action: It provides specific, actionable steps that agencies can take to improve their cyber security posture over the next year. 

At its heart, the FOCAL Plan aims to close the gap between agencies’ varying cyber security capabilities, ensuring that all federal systems are better equipped to handle today’s sophisticated cyber threats. 

Priority areas of focus

CISA’s FY2024 FOCAL Plan is built around five priority areas that target critical aspects of federal cyber security. These areas are the foundation for driving alignment and securing the federal government’s digital infrastructure. 

 


1. Asset management 

Understanding and maintaining full visibility into the federal cyber environment is a fundamental element of defense. Every asset within an agency’s network must be accounted for and managed to ensure that vulnerabilities are identified and addressed promptly. 

Key goals

  • Establishing automated systems for discovering and cataloging hardware and software assets.
  • Maintaining real-time, centralized asset inventories. 
  • Closing gaps in asset visibility to allow for quicker identification of security risks.

 

2. Vulnerability management

The federal attack surface has grown dramatically with the expansion of digital services and remote work capabilities. Managing vulnerabilities across this complex environment is essential to reducing risks. 

Key goals 

  • Performing regular vulnerability scans and remediating critical risks in a timely manner. 
  • Prioritizing vulnerabilities using both internal capabilities and CISA advisories. 
  • Developing procedures for addressing vulnerabilities across all internet-accessible assets. 

 

3. Defensible architecture 

As agencies continue modernizing their IT systems, it’s vital to build resilient architectures capable of withstanding attacks. The concept of a “defensible architecture” assumes that some incidents are inevitable, so systems should be designed to minimize harm even after a breach. 

Key goals

  • Securing cloud business applications using standardized configurations. 
  • Sharing critical cyber security telemetry data with CISA to improve federal visibility into network activity. 
  • Adopting a Zero Trust (ZT) framework to prevent unauthorized access and lateral movement within networks. 

 

4. Cyber Supply Chain Risk Management (C-SCRM) 

Third-party vendors and external software providers are a significant source of cyber risk. CISA’s C-SCRM strategy aims to protect the federal supply chain by ensuring that agencies can swiftly identify and mitigate risks posed by compromised third-party products. 

Key goals 

  • Developing processes for the rapid removal of high-risk software and hardware from federal systems. 
  • Integrating C-SCRM requirements into procurement contracts to ensure vendors meet security standards. 
  • Engaging leadership to address supply chain risks proactively. 

 

5. Incident detection and response 

No cyber security framework can fully prevent adversaries from gaining access to systems. This makes early detection and a swift response critical to minimizing damage. The FOCAL Plan emphasizes the importance of bolstering incident detection and response capabilities, particularly at the Security Operations Center (SOC) level. 

Key goals 

  • Expanding the use of Endpoint Detection and Response (EDR) solutions to enable persistent visibility across federal systems. 
  • Improving SOC governance to ensure rapid response and minimize the impact of security incidents. 
  • Sharing threat intelligence across agencies to improve situational awareness and overall response effectiveness. 

 

CISA’s role in cyber security alignment

CISA plays a central role in guiding federal agencies toward stronger cyber security practices. It leads the implementation of the FOCAL Plan by providing the necessary resources, advisories, and frameworks for improving security across the FCEB. 

Through increased collaboration between CISA and individual agencies, the federal enterprise will be better prepared to respond to cyber incidents and prevent future threats. Agencies must align their operations with CISA’s strategic guidance to create a unified defense against evolving cyber adversaries. 

 

Moving forward with cyber security improvements

The FOCAL Plan provides a clear path forward for federal agencies to enhance their cyber security posture. The success of this initiative will depend on each agency’s commitment to implementing the alignment goals laid out across the five priority areas. 

Next steps for agencies 

  • Establish automated processes for asset management and vulnerability scanning. 
  • Build resilient IT architectures using Zero Trust principles. 
  • Strengthen SOC capabilities and ensure continuous information sharing with CISA. 
  • Proactively manage cyber supply chain risks by developing comprehensive C-SCRM strategies. 

By following the FOCAL Plan, federal agencies can strengthen their defenses and build a more secure digital infrastructure. 

 

Conclusion

The FY2024 FOCAL Plan represents a significant step toward improving cyber security across federal agencies. Its focus on asset management, vulnerability mitigation, defensible architecture, supply chain security, and incident response sets the foundation for a more resilient federal enterprise. As cyber threats continue to grow in complexity, collaboration between agencies and CISA will be key to ensuring the safety and security of government services and data. 

By adopting the practices outlined in the FOCAL Plan, agencies will be better equipped to handle the challenges of today’s cyber security landscape and protect against future attacks. 

 
