
CISO PURPOSE: The Federal Information Security Modernization Act of 2014 (FISMA) requires federal agencies to establish, document, and implement an enterprise-wide information security program that includes risk management, continuous monitoring, incident response, and annual reporting. Agencies must also designate a Chief Information Security Officer (CISO) to oversee this program and ensure compliance with standards and guidelines provided by the National Institute of Standards and Technology (NIST).
APPROACH: The Vision, Strategy, Policy, Governance, Oversight, Advocacy (VSPGOA) (pronounced: viz-go-ah) approach is the multi-dimensional lens through which the Department of the Air Force (DAF) CISO accomplishes these functions, shapes and informs the DAF Cybersecurity Strategy, implements the DAF Cybersecurity Program, and measures its alignment through a cybersecurity posture.
The Lines of Effort (LOEs) are congruent with the six core functions of the NIST Cybersecurity Framework 2.0: Govern, Identify, Protect, Detect, Respond, and Recover. By aligning to this framework, we will strengthen our cybersecurity posture, protect our service’s unique missions, and improve our ability to detect, respond to, and recover from cyber threats. Additionally, this LOE reflects the DAF CIO Public Strategy and aligns with the guiding principles of warfighter effectiveness, transparent governance, operational excellence, value-driven investments, and accountability and metrics. This approach also accounts for the numerous statutes, regulations, and policies required by the Federal Government for cybersecurity. Through the VSPGOA framework, we can attain a cybersecurity posture that enables mission accomplishment.