Alert

High Value Asset (HVA) Assessments

How to Prepare for Cybersecurity and Infrastructure Security Agency HVA Assessments

Does your organization have an HVA?

The U.S. government currently has more than 800 unique HVA systems, and agencies are required to have qualified assessors perform HVA assessments on their systems every three years. Are you ready?1


Overview

Binding Operational Directive 18-02 requires agencies to identify and designate HVAs, which the Cybersecurity and Infrastructure Security Agency (CISA) then designates as either Tier 1 or Non-Tier 1 (NT1), depending on such variables as system complexity, data sensitivity, and the total number of HVAs reported.

CISA identified that HVAs must conduct assessments every three years. For Tier 1 systems, CISA must conduct the assessments. For NT1 systems, assessments can be completed by a third-party assessor or by the agency itself. Additionally, assessors must be qualified by CISA.

Guidehouse’s security experts are qualified by CISA to perform HVA assessments. Our professionals can both support your organization in meeting Federal requirements and more importantly, provide strategic recommendations to immediately enhance your security posture.z

 

Our Approach

Guidehouse provides a tailored, time-tested approach to assess your system against and/or prepare your system for the CISA HVA requirements. We bring a team of highly qualified testers trained by CISA to work closely with your system leadership, subject matter experts, and others to ensure you understand exactly what is going well, where there are opportunities for improvement, and how to improve.

Our assessment includes three key steps:

Table Graph

 

What You Get

  • Assessment methodology tailored to your system
  • Report on observations within the CISA HVA assessment template
  • Technical documentation that allows you to recreate our findings
  • Recommendations to assist in improving security posture and compliance

 

Listen to our expert provide an overview of the requirements

____________________________________________________________________________

1https://www.cisa.gov/binding-operational-directive-18-02


Let Us Guide You

Guidehouse is a global consultancy providing advisory, digital, and managed services to the commercial and public sectors. Purpose-built to serve the national security, financial services, healthcare, energy, and infrastructure industries, the firm collaborates with leaders to outwit complexity and achieve transformational changes that meaningfully shape the future.

Stay ahead of the curve with news, insights and updates from Guidehouse about issues relevant to your organization and its work.