High Value Assets (HVAs) and Your Organization

Is your agency meeting the government wide HVA Assessment requirement?

Per White House Memorandum M-19-03 and Binding Operational Directive 18-02, HVAs are required to be assessed every three years. Assessment must be led by teams who have successfully passed CISA HVA-specific training.

Highlights of the HVA Requirement

Binding Operational Directive (BOD) 18-02, issued by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), is focused on enhancing the security of High-Value Assets (HVAs) within federal agencies. High-Value Assets are federal information systems, information, and data that, if compromised, could cause significant impact to the United States’ national security, economy, public health, or safety. BOD 18-02 outlines the steps and measures federal agencies must take to better protect these assets from cybersecurity threats.

What’s My Agency’s Responsibility?

Key agency responsibilities outlined in BOD 18-02 and M-19-03 include:

Agency’s Responsibility

The Antean Difference

Antean has a rare combination of experience both in defending and successfully conducting High-Value Asset (HVA) assessments. Our team’s differentiators start with a deep understanding of the complexities and intricacies involved in identifying, evaluating, and protecting HVAs which is derived from years of experience in direct support as security engineers and information system security officers in multiple federal agencies.
In addition, Antean’s expert team of security professionals has completed the CISA HVA certification process, demonstrating their understanding of the risk assessment process and technical evaluation procedures required for HVA assessments. Our certified HVA team leverages decades of cybersecurity experience to conduct thorough and effective assessments, leveraging CISA-approved methodologies and best practices.
Assessment Focus Area HVA Requirement The Antean Difference
Controls Testing Perform assessment of critical architecture, NIST control families, and associated security processes & capabilities. Our controls testing SMEs are informed by experience successfully completing HVA assessments on DHS systems. The Antean team has experts in FedRAMP, NIST CSF, ISO, and other security frameworks to provide tailored, actionable guidance for remediation and reporting.
Penetration Testing Perform penetration testing of external and internal systems including exploitation. Antean’s penetration testing team members have 1) successfully completed HVA penetration tests against HVA systems and 2) have successfully passed the CISA operator testing requirements.
Antean’s teams possess expertise in penetration testing and exploitation techniques for Cloud, traditional, and non-traditional environments according to industry frameworks and standards.

Antean has invaluable experience which can only be gained from successfully conducting previous HVA assessments. Our team knows what is required to quickly develop an understanding of the HVA architecture, identify potential risks and vulnerabilities, and report those issues. Antean’s corporate processes and years of experience with HVAs provide valuable insight that may not be immediately apparent to less experienced teams.

Lastly, Antean’s certified and experienced HVA team has the commercial and Federal expertise to advise and support the establishment of a strong security culture within an organization. Post-HVA reporting will result in remediation activities for HVA system owners. The Antean portfolio includes a team with knowledge of CISA HVA practices, FedRAMP, Cybersecurity Maturity Model Certification (CMMC), and NIST Engineering best practices. Our proactive guidance for mitigations can serve as a benchmark for security practices across the company, critical for the long-term protection of high-value assets.

Antean Can Help

Contact us to find out more about how we can help evaluate and report on your agency’s HVAs.

Address

5680 King Centre Drive,
Suite 600, Alexandria, VA 22315

Scroll to Top