High Value Assets (HVA) Lessons Learned for Small Government Agencies and Small to Mid-sized Organizations

Abstract

Cyberattacks are a persistent threat to organizations across all sectors, and over the past decade, attackers have increasingly been targeting municipalities. Protecting the most critical information and systems or high value assets (HVAs) from a cyberattack is essential to reduce the risk of impacting critical services that make day-to-day activities possible. Identifying HVAs is a process that assists organizations in recognizing which assets are most critical and therefore require the most significant protective measures. An HVA process was developed for State, Local, Tribe, and Territory (SLTT) jurisdictions of any size, capability, and cybersecurity maturity to assist them in identifying assets that are vital to community operations. The SLTT HVA Process aligns with the Federal HVA Program developed by the Cybersecurity and Infrastructure Security Agency (CISA). Four jurisdictions are piloting the SLTT HVA Process and, through this initiative, are generating vital lessons learned to successfully incorporate the process into their cybersecurity program.