FY 2019 Annual Performance Plan and Report - Goal 5 Objective 4
Topics on this page: Goal 5. Objective 4 | Objective 5.4 Table of Related Performance Measures
Goal 5. Objective 4: Protect the safety and integrity of our human, physical, and digital assets
Protecting the privacy of personally identifiable information—such as birthdates and Social Security numbers—and securing Federal information systems and critical infrastructure are challenges for Federal agencies. HHS is working to improve how it protects the security and privacy of electronic health information and to consistently address controls that prevent unauthorized use and unauthorized changes to information system resources, monitor building and access control systems, and ensure that all HHS staff and contractors are vetted properly and understand cybersecurity risks. Keeping personal information safe increases trust and confidence in HHS and its information and reporting systems.
Yet providing security for HHS involves more than preventing breaches or cybersecurity attacks. The Department’s operating divisions and staff divisions participate in efforts to preserve physical security; personnel security and suitability; security awareness; information security, including the safeguarding of sensitive and classified material; and security and threat assessments. In addition, the Department has established a network of scientific, public health, and security professionals internally, as well as points of contact in other agencies, in the intelligence community, and in the Information Sharing Environment Council. The Department has specialized staff to provide policy direction to facilitate the identification of potential vulnerabilities or threats to security, conduct analyses of potential or identified risks to security and safety, and work with agencies to develop methods to address them.
The Office of the Secretary leads this objective. All divisions contribute to the achievement of this objective.
Objective 5.4 Table of Related Performance Measures
Decrease the Percentage of Susceptibility among personnel to phishing (Lead Agency - ASA; Measure ID - 3.5)
| FY 2012 | FY 2013 | FY 2014 | FY 2015 | FY 2016 | FY 2017 | FY 2018 | FY 2019 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | N/A | Set Baseline | TBD |
| Result | N/A | N/A | N/A | N/A | N/A | N/A | Sep 30, 2018 | N/A |
| Status | N/A | N/A | N/A | N/A | N/A | N/A | Pending | Pending |
Through the combination or training, education, and tools (e.g., email add-in), the purpose of the measure is to reduce the likelihood of staff falling for fake email attempts over time. A baseline will be established using data collected through OCIO’s enterprise Phishme solution and a target will be set with a goal of negative responses decreasing over time.
Increase the number of days since last major incident of personally identifiable information (PII) breach (Lead Agency - ASA; Measure ID - 3.6)
| FY 2012 | FY 2013 | FY 2014 | FY 2015 | FY 2016 | FY 2017 | FY 2018 | FY 2019 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | N/A | Set Baseline | TBD |
| Result | N/A | N/A | N/A | N/A | N/A | N/A | Sep 30, 2018 | N/A |
| Status | N/A | N/A | N/A | N/A | N/A | N/A | Pending | Pending |
This measure serves as an enterprise-wide countdown measure since the last day of a major PII incident in the Department as well as a gauge for the number of major PII incidents. The baseline will be set by September 30, 2018. The number of days will continue to increase unless there is a major incident, at which point the count resets.
