82 FR 49652 - National Protection and Programs Directorate; Notification of Issuance of Binding Operational Directive 18-01
DEPARTMENT OF HOMELAND SECURITY Federal Register Volume 82, Issue 206 (October 26, 2017)
Federal Register Volume 82, Issue 206 (October 26, 2017)
| Page Range | 49652-49652 | |
| FR Document | 2017-23317 |
[Federal Register Volume 82, Number 206 (Thursday, October 26, 2017)] [Notices] [Page 49652] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2017-23317] ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY National Protection and Programs Directorate; Notification of Issuance of Binding Operational Directive 18-01 AGENCY: National Protection and Programs Directorate, DHS. ACTION: Issuance of a binding operational directive; notice of availability. ----------------------------------------------------------------------- SUMMARY: To safeguard Federal information and information systems, DHS has issued a binding operational directive (BOD) to all Federal, executive branch departments and agencies relating to enhanced email and web security. The BOD requires agencies to take specific actions on their information systems to improve email and web security. DHS is publishing this notice of availability to provide awareness of the BOD. DATES: Binding Operational Directive 18-01 was issued on October 16, 2017. ADDRESSES: The text of Binding Operational Directive 18-01 is available at https://cyber.dhs.gov. Submit any inquiries about this notice of availability to [email protected]. SUPPLEMENTARY INFORMATION: The Department of Homeland Security (``DHS'' or ``the Department'') has the statutory responsibility, in consultation with the Office of Management and Budget, to administer the implementation of agency information security policies and practices for information systems, which includes assisting agencies and providing certain government-wide protections. 44 U.S.C. 3553(b). As part of that responsibility, the Department is authorized to ``develop[] and oversee[] the implementation of binding operational directives to agencies to implement the policies, principles, standards, and guidance developed by the Director [of the Office of Management and Budget] and [certain] requirements of [the Federal Information Security Modernization Act of 2014.]'' 44 U.S.C. 3553(b)(2). A BOD is ``a compulsory direction to an agency that (A) is for purposes of safeguarding Federal information and information systems from a known or reasonably suspected information security threat, vulnerability, or risk; [and] (B) [is] in accordance with policies, principles, standards, and guidelines issued by the Director[.]'' 44 U.S.C. 3552(b)(1). Agencies are required to comply with these directives. 44 U.S.C. 3554(a)(1)(B)(ii). Overview of BOD 18-01 In carrying out this statutory responsibility, the Department issued BOD 18-01, titled ``Enhance Email and Web Security.'' For email security, the BOD requires agencies to take specific technical actions to ensure that agency email can be encrypted in transit and is more difficult to spoof. For web security, the BOD requires agencies to take specific technical actions to ensure publicly accessible Federal Web sites and services are provided through secure connections. Across both topics, the BOD requires that agencies disable and discontinue use of certain, vulnerable ciphers and Secure Socket Layer configurations. Jeanette Manfra, Assistant Secretary, Office of Cybersecurity and Communications, Department of Homeland Security. [FR Doc. 2017-23317 Filed 10-25-17; 8:45 am] BILLING CODE 9110-9P-P
![49652 Federal Register / Vol. 82, No. 206 / Thursday, October 26, 2017 / Notices
assistance to the extent allowable under the Recovery, Federal Emergency at https://cyber.dhs.gov. Submit any
Stafford Act. Management Agency, 500 C Street SW., inquiries about this notice of availability
The Federal Emergency Management Washington, DC 20472, (202) 646–2833. to BOD.Feedback@hq.dhs.gov.
Agency (FEMA) hereby gives notice that SUPPLEMENTARY INFORMATION: The
SUPPLEMENTARY INFORMATION: The
pursuant to the authority vested in the Federal Emergency Management Agency
Department of Homeland Security
Administrator, under Executive Order (FEMA) hereby gives notice that
pursuant to the authority vested in the (‘‘DHS’’ or ‘‘the Department’’) has the
12148, as amended, Benigno Bern Ruiz,
of FEMA is appointed to act as the Administrator, under Executive Order statutory responsibility, in consultation
Federal Coordinating Officer for this 12148, as amended, Michael F. Byrne, of with the Office of Management and
major disaster. FEMA is appointed to act as the Federal Budget, to administer the
The following areas of the State of Coordinating Officer for this emergency. implementation of agency information
Wisconsin have been designated as This action terminates the security policies and practices for
adversely affected by this major disaster: appointment of Alejandro DeLaCampa information systems, which includes
Buffalo, Crawford, Grant, Iowa, Jackson, La as Federal Coordinating Officer for this assisting agencies and providing certain
Crosse, Lafayette, Monroe, Richland, emergency. government-wide protections. 44 U.S.C.
Trempealeau, and Vernon Counties for The following Catalog of Federal Domestic 3553(b). As part of that responsibility,
Public Assistance. Assistance Numbers (CFDA) are to be used the Department is authorized to
All areas within the State of Wisconsin are for reporting and drawing funds: 97.030, ‘‘develop[] and oversee[] the
eligible for assistance under the Hazard Community Disaster Loans; 97.031, Cora implementation of binding operational
Mitigation Grant Program. Brown Fund; 97.032, Crisis Counseling; directives to agencies to implement the
The following Catalog of Federal Domestic 97.033, Disaster Legal Services; 97.034,
Disaster Unemployment Assistance (DUA);
policies, principles, standards, and
Assistance Numbers (CFDA) are to be used
for reporting and drawing funds: 97.030, 97.046, Fire Management Assistance Grant; guidance developed by the Director [of
Community Disaster Loans; 97.031, Cora 97.048, Disaster Housing Assistance to the Office of Management and Budget]
Brown Fund; 97.032, Crisis Counseling; Individuals and Households In Presidentially and [certain] requirements of [the
97.033, Disaster Legal Services; 97.034, Declared Disaster Areas; 97.049, Federal Information Security
Disaster Unemployment Assistance (DUA); Presidentially Declared Disaster Assistance— Modernization Act of 2014.]’’ 44 U.S.C.
97.046, Fire Management Assistance Grant; Disaster Housing Operations for Individuals
and Households; 97.050, Presidentially
3553(b)(2). A BOD is ‘‘a compulsory
97.048, Disaster Housing Assistance to
Declared Disaster Assistance to Individuals direction to an agency that (A) is for
Individuals and Households In Presidentially
Declared Disaster Areas; 97.049, and Households—Other Needs; 97.036, purposes of safeguarding Federal
Presidentially Declared Disaster Assistance— Disaster Grants—Public Assistance information and information systems
Disaster Housing Operations for Individuals (Presidentially Declared Disasters); 97.039, from a known or reasonably suspected
and Households; 97.050, Presidentially Hazard Mitigation Grant. information security threat,
Declared Disaster Assistance to Individuals Brock Long, vulnerability, or risk; [and] (B) [is] in
and Households—Other Needs; 97.036, accordance with policies, principles,
Disaster Grants—Public Assistance Administrator, Federal Emergency
(Presidentially Declared Disasters); 97.039, Management Agency. standards, and guidelines issued by the
Hazard Mitigation Grant. [FR Doc. 2017–23245 Filed 10–25–17; 8:45 am] Director[.]’’ 44 U.S.C. 3552(b)(1).
BILLING CODE 9111–23–P Agencies are required to comply with
Brock Long, these directives. 44 U.S.C.
Administrator, Federal Emergency 3554(a)(1)(B)(ii).
Management Agency. DEPARTMENT OF HOMELAND
[FR Doc. 2017–23251 Filed 10–25–17; 8:45 am] SECURITY Overview of BOD 18–01
BILLING CODE 9111–23–P
National Protection and Programs In carrying out this statutory
Directorate; Notification of Issuance of responsibility, the Department issued
DEPARTMENT OF HOMELAND Binding Operational Directive 18–01 BOD 18–01, titled ‘‘Enhance Email and
SECURITY Web Security.’’ For email security, the
AGENCY: National Protection and BOD requires agencies to take specific
Federal Emergency Management Programs Directorate, DHS. technical actions to ensure that agency
Agency ACTION: Issuance of a binding email can be encrypted in transit and is
operational directive; notice of more difficult to spoof. For web
[Internal Agency Docket No. FEMA–3391–
EM; Docket ID FEMA–2017–0001]
availability. security, the BOD requires agencies to
SUMMARY: To safeguard Federal take specific technical actions to ensure
Puerto Rico; Amendment No. 1 to information and information systems, publicly accessible Federal Web sites
Notice of an Emergency Declaration DHS has issued a binding operational and services are provided through
AGENCY: Federal Emergency directive (BOD) to all Federal, executive secure connections. Across both topics,
Management Agency, DHS. branch departments and agencies the BOD requires that agencies disable
ACTION: Notice. relating to enhanced email and web and discontinue use of certain,
security. The BOD requires agencies to vulnerable ciphers and Secure Socket
SUMMARY: This notice amends the notice take specific actions on their Layer configurations.
of an emergency declaration for the information systems to improve email
Jeanette Manfra,
ethrower on DSK3G9T082PROD with NOTICES
Commonwealth of Puerto Rico (FEMA– and web security. DHS is publishing
3391–EM), dated September 18, 2017, this notice of availability to provide Assistant Secretary, Office of Cybersecurity
and related determinations. awareness of the BOD. and Communications, Department of
Homeland Security.
DATES: The change occurred on October DATES: Binding Operational Directive
[FR Doc. 2017–23317 Filed 10–25–17; 8:45 am]
10, 2017. 18–01 was issued on October 16, 2017.
BILLING CODE 9110–9P–P
FOR FURTHER INFORMATION CONTACT: ADDRESSES: The text of Binding
Dean Webster, Office of Response and Operational Directive 18–01 is available
VerDate Sep<11>2014 17:29 Oct 25, 2017 Jkt 244001 PO 00000 Frm 00067 Fmt 4703 Sfmt 9990 E:\FR\FM\26OCN1.SGM 26OCN1](https://thefederalregister.org/doc/82_FR_49858/page/1.svg)
Document Created: 2018-10-25 10:12:40
Document Modified: 2018-10-25 10:12:40
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Issuance of a binding operational directive; notice of availability. | |
| Dates | Binding Operational Directive 18-01 was issued on October 16, 2017. | |
| FR Citation | 82 FR 49652 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR