Department of Homeland Security: Strategic Plan on Infrastructure Protection Assessments (Fiscal Year 2016 Report to Congress) [open pdf - 2MB]
"DHS NPPD [National Protection and Programs Directorate] conducts voluntary security assessments and analyses of the Nation's critical infrastructure. Within NPPD, IP [Infrastructure Protection] carries out assessments, supported by Office of Cyber and Infrastructure Analysis (OCIA) analyses, both of which support risk-informed decision-making by critical infrastructure owners and operators, as well as federal, state, local, tribal, and territorial partners. These initiatives address objectives in homeland security legislation, policy, and doctrine, including the National Infrastructure Protection Plan. To develop the 3-year strategic plan for assessments, NPPD assessed the current or 'as-is' state of the assessment program by evaluating maturity across five program domains, defined a desired 'to-be' state for program maturity, and identified goals and objectives for closing gaps between the current and desired states. This work was informed by extensive engagement with key stakeholders, including interviews with nearly 100 partners, as well as three planning workshops. The resulting 3-year strategic plan enables NPPD to transition the assessment program into a more mature phase that operates with a clearly defined vision or strategic intent, and that better supports data needs for analyses. [...] The strategic intent and approach for the assessment program over the next 3 years will increase the comprehensiveness of the national approach to infrastructure risk management, building beyond the identification and securing of critical assets. This strategic plan serves as the foundation for identifying and prioritizing further steps toward achieving national infrastructure risk management goals through adjustments to the assessment program."
U.S. Department of Homeland Security: http://www.dhs.gov/