Cybersecurity is among the top priorities of the FDA and the Office of Digital Transformation (ODT) takes its responsibility seriously to protect people and data in today’s environment of increased cybersecurity threats. We recognize the risks associated with operating a global information technology enterprise and have developed this Cybersecurity Modernization Action Plan (CMAP) to strengthen the FDA’s ability to protect sensitive information, modernize cybersecurity capabilities, and improve situational awareness to decrease overall security risks to the Agency.

We have prioritized cybersecurity innovation and modernization to formalize our commitment to technology and catalyze change to advance the mission of the FDA. ODT will identify, prioritize, and validate cybersecurity governance, standards, and solutions to support the secure adoption of emerging technologies across the Agency. These activities will drive and inform FDA’s ongoing modernization efforts. We will continue to leverage innovative tools and technologies like machine learning, AI, data sharing, collaboration platforms, and high-performance computing to advance FDA’s public health mission. Innovation and emerging technologies underpin the advancement of patient-centered and real-world evidence-based regulatory operations.

Cybersecurity Modernization Action Plan (CMAP)

Key Cybersecurity Modernization Actions 

• Establish a comprehensive Zero Trust approach to facilitate new digital services and modernization efforts 
• Promote software assurance best practices to include security measures at every stage of the development lifecycle 
• Enhance interoperable and secure data exchange and collaboration across FDA and its public health partners 
• Leverage Artificial Intelligence/Machine Learning (AI/ML) technologies to enhance cyber detection and response capabilities 
• Integrate counterintelligence and insider risk principles with the Zero Trust model to enable an intelligence-driven approach 
• Prioritize and invest in FDA’s cybersecurity workforce 

This CMAP outlines an approach to attain an optimal maturity level by modernizing and enhancing our security and cyber defenses to address evolving cyber threats, vulnerabilities, and risks to the FDA’s IT infrastructure and sensitive data. 

Our future vision is a highly skilled cyber workforce that leverages state-of-the-art technologies and advanced processes to address the challenges of a highly evolving threat landscape. FDA’s CMAP will create opportunities for enhancements across the enterprise resulting in specific improvements, including but not limited to the following: 

• Improved Customer Experience 
• Increased Performance 
• Enhanced Visibility and Situational Awareness 
• Enhanced Threat Protections 
• Reduced Latency and Speed to the Cloud 

Strengthening FDA’s network environment, identity capabilities, and data protections are critical as the Agency continues to modernize and deploy new digital services and facilitate more seamless data sharing across its global regulatory environment. The FDA CMAP will support the Agency in building a modern security architecture that will expedite digital transformation and directly support FDA’s mission to protect and promote the public health.