An Alternative International Approach for Cyber Security Risk Management
The Augusta plan V2.0 extends Augusta plan V1.0 by accounting for existing cyber and information security regulation that is already in place in the US to deliver Cyber-Supply Chain Risk Management (C-SCRM). C-SCRM is not a new issue: the US Federal government has been working unsuccessfully to resolve cybersecurity since Congress passed the Federal Information Security Management Act (FISMA) in 2002, which was modified in 2014 (Modernization). FISMA requires the adoption of the Risk Management Framework (RMF, NIST SP 800-37R2) by all Federal Agencies and their contractors, the development of C-SCRM policy, and the application of risk management practices that align with both FISMA and Office of Management and Budget (OMB) A-130, Managing Information as a Strategic Resource.
OMB circular A-130 establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources and supporting infrastructure and services, requiring Federal agencies to adhere to the Federal Information Security Modernization Act. As an example, the DoD is working towards meeting this requirement through the adoption of DoDI 8510.01 (Risk Management Framework (RMF) for DoD Information Technology (IT)) and DoDI 5000.90 (Cybersecurity for Acquisition Decision Authorities and Program Managers).
Augusta plan V2.0 accounts for existing OMB A-130 and FISMA regulation, setting out a program for Federal Agencies and their contractors to adopt the cyber risk management practices defined under NIST SP 800-37R2. It maintains existing regulated US Federal Government cybersecurity compliance, provides an economically viable solution to support small businesses in deploying cybersecurity, and offers a solution that can be applied across international supply chains, including those that the US Department of Defense relies upon to deliver weapon systems.
THE AUGUSTA PLAN 2.0
A cyber-risk management solution that addresses OMB A-130 and FISMA using industry-specific Cybersecurity Framework (CSF) profiles and quality-assured audits to place international oversight and assurance of Federal Cyber