Homeland Security Secretary Jeh Johnson earlier in June directed federal civilian agencies and departments to work with DHS in assessing their high value network assets for cyber security risks and then take actions to secure these systems.
In written testimony to the Senate Judiciary Committee, Johnson said that he issued a binding operational directive (BOD) that “mandated that agencies participate in DHS-led assessments of their high value assets and implement specific recommendations to secure these important systems from our adversaries. We are working aggressively with the owners of those systems to increase their security.
The June 9 BOD follows one that Johnson issued to federal civilian agencies in May 2016 in the immediate aftermath of a cyber hack against the Office of Personnel Management records. In the first BOD Johnson stated that “I directed civilian agencies to promptly patch vulnerabilities on their Johnson’s authority to issue the BODs follows congressional approval in 2014 of an updated Federal Information Security Modernization Act, better known as FISMA. The BODs are mandatory instructions to federal agencies to implement information security measures.