High Value Asset (HVA) Assessments

How to Prepare for Cybersecurity and Infrastructure Security Agency HVA Assessments

Does your organization have an HVA?

The U.S. government currently has more than 800 unique HVA systems, and agencies are required to have qualified assessors perform HVA assessments on their systems every three years. Are you ready?1


Binding Operational Directive 18-02 requires agencies to identify and designate HVAs, which the Cybersecurity and Infrastructure Security Agency (CISA) then designates as either Tier 1 or Non-Tier 1 (NT1), depending on such variables as system complexity, data sensitivity, and the total number of HVAs reported.

CISA identified that HVAs must conduct assessments every three years. For Tier 1 systems, CISA must conduct the assessments. For NT1 systems, assessments can be completed by a third-party assessor or by the agency itself. Additionally, assessors must be qualified by CISA.

Guidehouse’s security experts are qualified by CISA to perform HVA assessments. Our professionals can both support your organization in meeting Federal requirements and more importantly, provide strategic recommendations to immediately enhance your security posture.z


Our Approach

Guidehouse provides a tailored, time-tested approach to assess your system against and/or prepare your system for the CISA HVA requirements. We bring a team of highly qualified testers trained by CISA to work closely with your system leadership, subject matter experts, and others to ensure you understand exactly what is going well, where there are opportunities for improvement, and how to improve.

Our assessment includes three key steps:

Table Graph


What You Get

  • Assessment methodology tailored to your system
  • Report on observations within the CISA HVA assessment template
  • Technical documentation that allows you to recreate our findings
  • Recommendations to assist in improving security posture and compliance


Listen to our expert provide an overview of the requirements



Let Us Help Guide You

Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for the future.

Stay ahead of the curve with news, insights and updates from Guidehouse about issues relevant to your organization and its work.