The U.S. government currently has more than 800 unique HVA systems, and agencies are required to have qualified assessors perform HVA assessments on their systems every three years. Are you ready?1
Binding Operational Directive 18-02 requires agencies to identify and designate HVAs, which the Cybersecurity and Infrastructure Security Agency (CISA) then designates as either Tier 1 or Non-Tier 1 (NT1), depending on such variables as system complexity, data sensitivity, and the total number of HVAs reported.
CISA identified that HVAs must conduct assessments every three years. For Tier 1 systems, CISA must conduct the assessments. For NT1 systems, assessments can be completed by a third-party assessor or by the agency itself. Additionally, assessors must be qualified by CISA.
Guidehouse’s security experts are qualified by CISA to perform HVA assessments. Our professionals can both support your organization in meeting Federal requirements and more importantly, provide strategic recommendations to immediately enhance your security posture.z
Guidehouse provides a tailored, time-tested approach to assess your system against and/or prepare your system for the CISA HVA requirements. We bring a team of highly qualified testers trained by CISA to work closely with your system leadership, subject matter experts, and others to ensure you understand exactly what is going well, where there are opportunities for improvement, and how to improve.
Our assessment includes three key steps:
Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for the future.