ONCD Releases National Cybersecurity Strategy Implementation Plan — July 13, 2023
The first implementation roadmap assigns more than 65 initiatives to federal agencies to deliver the 2023 National Cybersecurity Strategy.
Executive briefing: The White House Office of the National Cyber Director (ONCD) published the National Cybersecurity Strategy Implementation Plan (NCSIP). The plan defines initiatives, lead agencies, and timelines to execute the five pillars of the national strategy released earlier that year.
Implementation priorities
- Defend critical infrastructure. Actions include CIRCIA rulemaking, health sector cybersecurity performance goals, and updated pipeline security directives.
- Disrupt threat actors. The plan directs the creation of a joint ransomware task force and expanded use of Treasury sanctions against cybercriminal affiliates.
- Shape market forces. Federal agencies must advance secure software development requirements, including OMB software attestation mandates.
Control alignment guidance
- Regulatory planning. Monitor NCSIP milestones that will trigger new sectoral rules—such as TSA updates or SEC incident disclosure expectations.
- Public-private coordination. Engage with Sector Risk Management Agencies (SRMAs) and Information Sharing and Analysis Centers (ISACs) to align voluntary initiatives, including performance goals and secure-by-design pledges.
- Budget justification. Use the plan’s tasks and timelines to support investment cases for critical infrastructure resilience projects.
Operational recommendations
- Assign cross-functional owners to track NCSIP milestones relevant to your sector and integrate them into enterprise risk registers.
- Review upcoming requests for information or rulemakings referenced in the plan to prepare timely compliance responses.
- Coordinate with supply chain partners on software assurance requirements stemming from OMB’s secure software development attestation process.