High Value Asset (HVA) Assessments

How to Prepare for Cybersecurity and Infrastructure Security Agency HVA Assessments

Learn More

Does your organization have an HVA?

The U.S. government currently has more than 800 unique HVA systems, and agencies are required to have qualified assessors perform HVA assessments on their systems every three years. Are you ready?

Learn how you can prepare for CISA HVA assessments.

Listen to our expert provide an overview of the requirements.


Binding Operational Directive 18-02 requires agencies to identify and designate HVAs, which the Cybersecurity and Infrastructure Security Agency (CISA) then designates as either Tier 1 or Non-Tier 1 (NT1), depending on such variables as system complexity, data sensitivity, and the total number of HVAs reported.

CISA identified that HVAs must conduct assessments every three years. For Tier 1 systems, CISA must conduct the assessments. For NT1 systems, assessments can be completed by a third-party assessor or by the agency itself. Additionally, assessors must be qualified by CISA.

Guidehouse’s security experts are qualified by CISA to perform HVA assessments. Our professionals can both support your organization in meeting Federal requirements and more importantly, provide strategic recommendations to immediately enhance your security posture.

Our Approach

Guidehouse provides a tailored, time-tested approach to assess your system against and/or prepare your system for the CISA HVA requirements. We bring a team of highly qualified testers trained by CISA to work closely with your system leadership, subject matter experts, and others to ensure you understand exactly what is going well, where there are opportunities for improvement, and how to improve.

Our assessment includes three key steps:

Table Graph

What you get

  • Assessment methodology tailored to your system
  • Report on observations within the CISA HVA assessment template
  • Technical documentation that allows you to recreate our findings
  • Recommendations to assist in improving security posture and compliance

About the Experts

Back to top