Strategic Stakeholder Engagement Plan

Stakeholder Engagement Strategic Plan

Contents

Message from the Director
Our Mission and Vision
CISA Core Values

01
03
04
05

GOA L 1
CISA collaboratively plans and implements stakeholder engagements
and partnership activities to advance a unified mission delivery

08

1.1. CISA establishes an internal coordinating function to support
sustained trust-based relationships with State, Local, Tribal, and
Territorial (SLTT) government, private sector, federal government,
and international stakeholders to collaboratively advance mission
objectives
1.2. CISA headquarters and regional offices collaborate to establish
shared annual plans for national, regional, and international
stakeholder outreach and engagement
1.3. CISA headquarters and regional offices plan and implement
stakeholder engagements to ensure CISA programs connect with
the right person at the right level to advance mission objectives
1.4. CISA engages new and established partners to develop and
champion innovative risk reduction solutions, as appropriate, that
help stakeholders collaborate with CISA to reduce risk to critical
infrastructure through the lens of national critical functions

09

10

10

11
II

GOA L 2
Stakeholder insights and feedback inform CISA product development
and mission delivery

12

2.1. CISA uses public sector best practices to garner feedback from
stakeholders to improve product development and service delivery 13
2.2. CISA uses public sector best practices to garner insight into
stakeholder communities and their context to improve
requirements definition, product development, and service delivery 14
2.3. CISA uses stakeholder data and insights that reflect how
stakeholders use CISA resources, products, and services to reduce
risk from identified threats and vulnerabilities
14

GOA L 3
Stakeholders have easy access to CISA programs, products, services
and information

15

3.1. All CISA employees are a gateway to the full suite of CISA programs,
products, services, and information
16
3.2. Stakeholders access programs, products, services, and
information through self-service offerings designed to augment
engagement with CISA staff
16
3.3. CISA enhances information sharing with CISA’s partnership base
17

C ONC LU SIO N

18
III

MESSAGE
FROM THE DIRECTOR

A

s we move further into the third decade of the 21st century,
we recognize a threat landscape that includes cyberattacks,
technology incidents, natural disasters, terrorist attacks,
mis-, dis-, and malinformation, and, of course, infectious
diseases. Congress established the Cybersecurity and
Infrastructure Security Agency (CISA) in 2018 as the country’s
operational entity for managing and mitigating risk from such threats
to our digital and physical critical infrastructure and ensuring secure,
interoperable emergency communications. These efforts rely on the
dynamic relationships we maintain with our diverse stakeholders and are
further supported by our unique capability to facilitate interaction and
collaboration between government and private industry.
Through CISA’s efforts to understand, manage, and reduce risks to the
nation’s critical infrastructure, including emergency communications,
we help our partners strengthen their own capabilities. We use national,
regional, international, and program level engagement planning to
connect industry and government stakeholders to each other and to
resources, analyses, and tools to help them build and enhance their
own cyber, communications, and physical security and resilience, in turn
strengthening national resilience.

1

This inaugural stakeholder engagement strategic plan fully aligns with
and nests under the CISA Strategic Plan 2023 – 2025. It aims to unify the
agency’s stakeholder engagement approach as One CISA through
integrated functions and capabilities to strengthen whole-of-nation
operational collaboration and information sharing. The plan elaborates
on areas of focus for the next three years that will optimize coordinated
engagement and partnership activities, including the full integration of
CISA’s regional offices. As part of this, we will streamline use of
stakeholder insights to inform CISA offerings and mission delivery. We
will also make it easier for stakeholders to quickly find and access
applicable CISA products and services, including timely, relevant, and
accurate decision support information.
CISA is building a culture of excellence that prizes the values of teamwork
and collaboration; innovation and inclusion; ownership and
empowerment; transparency and trust. I ask the entire CISA workforce to
manifest these values and actively participate in the collaborative
engagement planning and implementation called for in this strategic
plan. Doing so will streamline existing operations and break down
organizational silos so we can collaboratively grow the value of our
products and services, better satisfy our stakeholders, and increase the
Nation’s security baseline.
I look forward to executing this strategic plan with you as we achieve our
shared vision of a secure and resilient critical infrastructure for the
American people. We are Team CISA.

Jen Easterly
Director

2

Our Mission

Our Vision

Lead the national effort to understand,
manage, and reduce risk to our cyber
and physical infrastructure.

Secure and resilient infrastructure for
the American people.

“Our mission is a team sport: our success will be rooted in the rich and
robust personal relationships and collaborative partnerships we build
across our Agency and our Department, across the federal government,
and with our teammates at the state, local, tribal, and territorial level,
and of course, with our private sector colleagues.”
Director Easterly
Message to the CISA Workforce

3

CISA
Core Values

CISA was designed to be something
special and different. Not another
bureaucracy, but something much more
akin to a public-private collaborative.
Our core values reflect this design and
underpin everything we do at CISA:

COLLABORATION

INNOVATION

Strong and vibrant partnerships are
critical to everything we do; we will
approach every engagement as an
opportunity to build trust with our
teammates, our partners, and
our customers.

We face threats at machine speed and
adversaries unbounded by bureaucracy;
we must move with creativity and agility
at the speed of ideas to stay ahead of
threats to our nation and our way of life,
and we must be grounded in the strength
of our resilience.

SERVICE

ACCOUNTABILITY

We are defined by our dedication to
selflessly serving the American people;
more than a mission, our commitment
is a calling to protect and defend the
infrastructure Americans rely on every
hour of every day.

We will only succeed if every one of us
takes active ownership of our mission,
our words, and our actions. We will model
the behavior we want to see in others; we
will hold ourselves and our teammates
responsible for our actions; and we will
empower our workforce through trust,
transparency, and radical honesty.

4

Executive Summary

CISA engages stakeholders and fosters public-private partnerships to
enhance the nation’s critical infrastructure security and resilience.
The goals outlined in this strategic plan unify CISA’s efforts to effectively
engage and collaborate with stakeholders and partners, developing and
strengthening the trusted relationships that underpin whole-of-nation
operational collaboration and information sharing.
The first goal focuses on optimizing organizational processes and
translating program excellence into agency excellence. CISA headquarters
and regional offices1 will share a common operating picture to proactively
collaborate on stakeholder engagements and partnerships, moving the
agency in a unified direction.

1

CISA regional offices are comprised of personnel assigned to one of CISA’s 10 regions. They manage partnerships and
engagements and coordinate product and service delivery in their region’s critical infrastructure community. CISA headquarters
is comprised of personnel who focus on national, international, and program-specific critical infrastructure stakeholder
engagement and partnership management.

5

Clarifying stakeholder management roles and responsibilities between headquarters and the
regions is central to this strategic plan and involves articulating the best ways to share
stewardship of CISA’s stakeholder relationships. It also drives efforts to define standard
approaches for using technology to enable CISA’s mission. This includes CISA’s use of the
Stakeholder Relationship Management (SRM) platform to manage agency-wide stakeholder
contact and engagement information and the agency’s use of stakeholder maps to visualize
stakeholder relationships to CISA and to each other so CISA can better understand and
support them. Processes and insights from these tools will be shared across the agency,
providing transparency and fostering the teamwork necessary to build and enhance our
partnerships and reduce risk to critical infrastructure.
The second goal recognizes that understanding stakeholder community needs is foundational
to building the public-private partnerships that enable mission fulfillment. It outlines multiple
objectives to collect input directly from stakeholders and other insightful sources that help
CISA better understand the context of its diverse stakeholder communities and how they use
agency products and services to reduce risk. This goal positions CISA to translate insights and
feedback into improved products and services.
The third and final goal aims to make it easier for stakeholders to get the products, services,
and information that best enables them and their communities to build and enhance their
own security and resilience, thereby strengthening national resilience. The objectives
supporting this goal are designed to equip CISA employees with the readily available
information needed to help stakeholders access the resources they need. They also improve
self-service capabilities so stakeholders can quickly find relevant and actionable information
on CISA.gov, in CISA publications and communications, and in the CISA Services Catalog.

6

V ISIO N

Secure and resilient
infrastructure for the American people

M ISSI O N

Lead the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure

G OA L 1
CISA collaboratively plans and
implements stakeholder
engagements and partnership
activities to advance a unified
mission delivery
OBJECTIVE 1.1

CISA establishes an internal
coordinating function to support
sustained trust-based relationships with
State, Local, Tribal, and Territorial (SLTT)
government, private sector, federal
government, and international
stakeholders to collaboratively advance
mission objectives
OBJECTIVE 1.2

CISA headquarters and regional offices
collaborate to establish shared annual
plans for national, regional, and
international stakeholder outreach and
engagement
OBJECTIVE 1.3

CISA headquarters and regional offices
plan and implement stakeholder
engagements to ensure CISA programs
connect with the right person at the right
level to advance mission objectives

GOAL 2

GOAL 3

Stakeholder insights and
feedback inform CISA product
development and mission delivery

Stakeholders have easy access to
CISA programs, products, services,
and information

OBJECTIVE 2.1

CISA uses public sector best practices to
garner feedback from stakeholders to
improve product development and
service delivery
OBJECTIVE 2.2

CISA uses public sector best practices to
garner insight into stakeholder
communities and their context to
improve requirements definition, product
development, and service delivery
OBJECTIVE 2.3

OBJECTIVE 3.1

All CISA employees are a gateway to the
full suite of CISA programs, products,
services, and information
OBJECTIVE 3.2

Stakeholders access programs,
products, services, and information
through self-service offerings designed
to augment engagement with CISA staff
OBJECTIVE 3.3

CISA enhances information sharing with
CISA’s partnership base

CISA uses stakeholder data and insights
that reflect how stakeholders use CISA
resources, products, and services to
reduce risk from identified threats and
vulnerabilities

OBJECTIVE 1.4

CISA engages new and established
partners to develop and champion
innovative risk reduction solutions, as
appropriate, that help stakeholders
collaborate with CISA to reduce risk to
critical infrastructure through the lens of
national critical functions

C I SA C O R E PR IN C IPLE S
People First • Do The Right Thing. Always. • Lead With Empathy • Seek And Provide Honest Feedback • Communicate
Transparently And Effectively • Foster Belonging, Diversity, Inclusion, And Equality • Imagine, Anticipate, And Innovate To Win •
• Make It Count • Build And Cultivate Your Network • Play Chess • Stand In The Arena • Commit To A Lifetime Of Learning

CI SA CORE VA LUES

C O L L A B O R A T I O N || I N N O V A T I O N || S E R V I C E || A C C O U N T A B I L I T Y

F
C II SGAU SRTEA K1E. HStrategic
O L D E R Plan
E N GOverview
AG EMEN T ST R AT EG I C PL A N

7

Goal 1
CISA C OLL ABOR ATIVELY PL ANS
AND IMPLEMENT S STAKEHOLDER
ENG AGEMENT S AND PARTNERSHIP
AC TIVITIES TO ADVANCE A UNIFIED
MIS SION DELIVERY

8

OB JEC TIVE 1 .1
CISA establishes an internal coordinating function
to support sustained trust-based relationships
with State, Local, Tribal, and Territorial (SLTT)
government, private sector, federal government,
and international stakeholders to collaboratively
advance mission objectives.
1.1.1
CISA identifies and attains the structure, people,
budget, and authorities (if any) needed for building
the cross-cutting organizational capacity to support
SLTT government, private sector, federal government,
and international stakeholders.
1.1.2
CISA builds its cross-cutting intergovernmental agency
partnership management capacity to proactively
identify, target, and build trust-based governmental
partnerships that reflect a whole-of-government
approach to understanding and managing cyber,
physical, and emergency communications risk to our
critical infrastructure.
1.1.3
CISA builds its cross-cutting stakeholder engagement
private sector coordinating function to proactively
identify, target, and build trust-based partnerships
with non-governmental organizations, academia, and
private sector entities.
1.1.4
CISA builds its capacity to execute the CISA Global
Strategy, unifying efforts with international partners to
reinforce and amplify the mission objectives.
1.1.5
CISA establishes its coordinated engagement
approach for executive partners at all SLTT levels,

along with the national associations that represent
them.
1.1.6
CISA establishes its private sector coordination
function to enable CISA leadership to aggregate
information and provide the CISA Director with advice,
recommendations, guidance, and insights on the
impact of the agency’s strategic initiatives,
partnerships, and actions.

REPRESENTATIVE OUTCOMES
1 | CISA engagements, partnerships, and
coordination (in its national coordinator for
critical infrastructure security and resilience
role) are targeted, purposeful, and prioritized.
2 | CISA has new and strengthened stakeholder
relationships.
MEASUREMENT APPROACH
CISA will measure the effectiveness of strategic
stakeholder engagements and partnership
activities.

9

OB JEC TIVE 1 . 2
CISA headquarters and regional offices
collaborate to establish shared annual plans for
national, regional, and international stakeholder
outreach and engagement.
1.2.1
CISA headquarters and regional offices leverage the matrixed nature of our organizational
structure to establish protocols for shared stewardship of stakeholder relationships with
standard business processes and lexicon for coordinating stakeholder engagement activities.
1.2.2
CISA headquarters and regional offices use data and the analytical capabilities provided
within the SRM, stakeholder maps, sector profiles, and risk analysis products to identify and
close relationship gaps within organizations that impact mission delivery.
1.2.3
CISA headquarters and regional offices leverage sector profiles, risk analysis products, and
SRM data to inform, as appropriate and consistent with relevant authorities and legal
frameworks, the composition of collaboration structures established at the national and
regional levels (to include sector-specific councils, cross-sector councils, and regional forums).

REPRESENTATIVE OUTCOMES
1 | CISA HQ and Regional Operations share a
common operating picture.
2 | The issues and concerns of local and
regional stakeholders are appropriately raised
within CISA and coordinating organizations.
MEASUREMENT APPROACH
CISA will measure the integration of regional
and HQ coordination activities and the impact
of regional stakeholder engagement.

10

OB JEC TIVE 1 . 3
CISA headquarters and regional offices plan and
implement stakeholder engagements to ensure
CISA programs connect with the right person at
the right level to advance mission objectives.
1.3.1
CISA headquarters and regional offices leverage the
matrixed nature of our organizational structure to
establish protocols for shared stewardship of
stakeholder relationships with standard business
processes and lexicon for coordinating stakeholder
engagement activities.
1.3.2
CISA headquarters and regional offices use data and
the analytical capabilities provided within the SRM,
stakeholder maps, sector profiles, and risk analysis
products to identify and close relationship gaps within
organizations that impact mission delivery.
1.3.3
CISA headquarters and regional offices leverage
sector profiles, risk analysis products, and SRM data
to inform, as appropriate and consistent with relevant
authorities and legal frameworks, the composition of
collaboration structures established at the national
and regional levels (to include sector-specific councils,
cross-sector councils, and regional forums).

REPRESENTATIVE OUTCOMES
1 | CISA HQ and Regional Operations share a
common operating picture.
2 | The issues and concerns of local and
regional stakeholders are appropriately raised
within CISA and coordinating organizations.
MEASUREMENT APPROACH
CISA will measure the integration of regional
and HQ coordination activities and the impact
of regional stakeholder engagement.

11

OB JEC TIVE 1 .4
CISA engages new and established partners to
develop and champion innovative risk reduction
solutions, as appropriate, that help stakeholders
collaborate with CISA to reduce risk to critical
infrastructure through the lens of national
critical functions.
1.4.1
CISA identifies new individuals and organizations with which it can collaborate and develop
innovative risk mitigation solutions for critical infrastructure.
1.4.2
CISA establishes and maintains effective mechanisms for expanding and deepening
partnerships focused on forging collective risk reduction solutions in collaboration with CISA.
1.4.3
CISA champions innovative risk mitigation solutions and advocates their use by stakeholders
in collaboration with CISA, as appropriate, to reduce risk to critical infrastructure through the
lens of national critical functions

REPRESENTATIVE OUTCOMES
1 | CISA engagements, partnerships, and
coordination (in its national coordinator for
critical infrastructure security and resilience
role) are targeted, purposeful, and prioritized.
2 | CISA has new and strengthened stakeholder
relationships.
MEASUREMENT APPROACH
CISA will measure the effectiveness of strategic
stakeholder engagements and partnership
activities.

12

Goal 2
STAKEHOLDER INSIGHT S AND FEEDBACK
INFORM CISA PRODUC T DE VELOPMENT
AND MIS SION DELIVERY

13

OB JEC TIVE 2.1
CISA uses public sector best practices to garner
feedback from stakeholders to improve product
development and service delivery.
2.1.1
CISA supports and utilizes Paperwork Reduction Act
(PRA) flexibilities2 (while respecting stakeholder
confidentiality and privacy) and established
information protection programs, as appropriate, to
facilitate CISA’s access to stakeholder feedback.
2.1.2
CISA programs establish and share best practices for
surveys, interviews, and focus and discussion groups
that assess stakeholder satisfaction and risk
mitigation practices.

2.1.3
CISA programs use stakeholder mapping to help
define specific target groups for stakeholder feedback.
2.1.4
CISA fully leverages national councils, committees,
working groups, sector and cross-sector forums,
advisory panels, and other relationships to garner
feedback on CISA initiatives and to increase
understanding of stakeholders’ needs.
CISA programs use transparent processes to translate
stakeholder feedback into validated stakeholder
needs, then into fully traced requirements with
defined evaluation criteria.

REPRESENTATIVE OUTCOMES

MEASUREMENT APPROACH

1 | Stakeholders have opportunities to provide
feedback reflecting needs, interests, and priorities.

CISA will measure stakeholder satisfaction and
feedback to inform continuous improvements.

2 | CISA appropriately incorporates stakeholder
feedback to improve product and service
development and delivery.

2

U.S. Executive Office of the President, Office of Management and Budget, Federal Collection of Information (Washington, DC)
https://www.whitehouse.gov/omb/information-regulatory-affairs/federal-collection-information/

14

OB JEC TIVE 2. 2
CISA uses public sector best practices to garner
insight into stakeholder communities and their
context to improve requirements definition,
product development, and service delivery.
2.2.1
CISA establishes and uses repeatable methodologies
for conducting and sharing open-source stakeholder
research to capture insight into stakeholder
community requirements.
2.2.2
CISA programs share risk information and other CISA
insights agency-wide to conduct needs assessments
in consideration of the larger stakeholder community
context.
2.2.3
CISA uses SRM and other internal data to determine
the level to which CISA products, services, and
resources have been received and used within
different stakeholder groups.

REPRESENTATIVE OUTCOMES
1 | Stakeholders have opportunities to provide
feedback reflecting needs, interests, and
priorities.
2 | CISA appropriately incorporates stakeholder
feedback to improve product and service
development and delivery.
MEASUREMENT APPROACH
CISA will measure stakeholder satisfaction and
feedback to inform continuous improvements.

15

OB JEC TIVE 2. 3
CISA uses stakeholder data and insights that
reflect how stakeholders use CISA resources,
products, and services to reduce risk from
identified threats and vulnerabilities.
2.3.1
CISA uses unique stakeholder data and strategic
insights to inform risk modeling and other
assessments.
2.3.2
CISA identifies how specific sectors and stakeholder
communities use CISA resources, products, and
services for their own capacity building activities to
advance those offerings that are most successful in
reducing risk.

REPRESENTATIVE OUTCOMES

MEASUREMENT APPROACH

1 | Stakeholders have opportunities to provide
feedback reflecting needs, interests, and priorities.

CISA will measure stakeholder satisfaction and
feedback to inform continuous improvements.

2 | CISA appropriately incorporates stakeholder
feedback to improve product and service
development and delivery.

16

Goal 3
STAKEHOLDERS HAVE E A SY AC CES S TO
CISA PROGR AMS, PRODUC T S, SERVICES,
AND INFORMATION

17

OB JEC TIVE 3.1
All CISA employees are a gateway to the full
suite of CISA programs, products, services, and
information.
3.1.1
Relationship management becomes a core competency for every CISA employee.
3.1.2
CISA staff use SRM tools and capabilities to connect with stakeholders and systematically
advance relationships over time.
3.1.3
CISA staff use standard product management and rollout procedures along with the next
generation CISA Services Catalog to access the information they need to match
stakeholders with the CISA programs, products, services, and information most appropriate
and relevant to stakeholders’ needs.

REPRESENTATIVE OUTCOMES
1 | Stakeholders can quickly find and access
relevant and appropriate CISA products and
services.
2 | CISA proactively informs stakeholders of
relevant and appropriate products and services.
MEASUREMENT APPROACH
CISA will measure the quality and accessibility
of Division programs, products, and services.

18

OB JEC TIVE 3. 2
Stakeholders access programs, products,
services, and information through self-service
offerings designed to augment engagement
with CISA staff.
3.2.1
CISA establishes an agency-wide approach to
facilitating a positive stakeholder experience that is
informed by information captured through existing
and newly established stakeholder feedback
mechanisms.
3.2.2
CISA designs its next generation CISA Services
Catalog or other digital outlets to make it easy for
stakeholders to find products and services best suited
to their needs, and to develop custom stakeholder
roadmaps that show how they can logically sequence
their use of CISA products and services to increase
their resilience and reduce risk.
3.2.3
CISA uses stakeholder feedback to enhance its
self-service offerings to improve stakeholders’ ability
to find or request what they need.

REPRESENTATIVE OUTCOMES
1 | Stakeholders can quickly find and access
relevant and appropriate CISA products and
services.
2 | CISA proactively informs stakeholders of
relevant and appropriate products and services.
MEASUREMENT APPROACH
CISA will measure the quality and accessibility
of Division programs, products, and services.

19

OB JEC TIVE 3. 3
CISA enhances information sharing with CISA’s
partnership base.
3.3.1
CISA matures existing information sharing through
structures such as the Critical Infrastructure
Partnership Advisory Council (CIPAC), Information
Sharing and Analysis Centers (ISACs), Sector
Coordinating Councils (SCCs), and Government
Coordinating Councils (GCCs) to better position
stakeholders for timely response to heightened
threats and incidents.
3.3.2
Using improved processes with existing structures,
CISA coordinates with relevant partners to regularly
develop and distribute regionally specific threat
information to each of CISA’s 10 regions.

REPRESENTATIVE OUTCOMES
1 | Stakeholders have access to timely, relevant, and accurate information to inform decision making.
2 | CISA’s data handling and information
sharing protects privacy, civil rights, and civil
liberties.
MEASUREMENT APPROACH
CISA will measure the value of multidirectional
information sharing with CISA partners.

20

Conclusion
Recognizing the ever-increasing range of threats facing our nation, Congress established CISA
in 2018 to assume a leadership role in managing risks to cyber and physical infrastructure,
while ensuring the security and interoperability of the nation’s emergency communications.
CISA plays a vital role collaborating with stakeholders to counter some of the nation’s most
pressing threats, ranging from cyberattacks, to natural disasters, terrorism, disinformation,
and infectious diseases.
CISA actively engages diverse stakeholder communities at the national, regional,
international, and program levels to learn from them and to understand their needs, support
their security efforts with timely information and services, and collaborate with partners to
solve problems and manage risks to the infrastructure and operations that are so vital to the
nation’s security and way of life.
The goals and objectives outlined in this strategic plan directly support CISA’s mission
priorities for stakeholder engagement. Collaborating efforts across divisions, gaining a deeper
understanding of stakeholders’ security risks and needs, and providing greater access to
CISA’s products, services, and resources are foundational to improved mission delivery.
This inaugural CISA stakeholder engagement strategic plan will result in a collaborative,
transparent approach to planning, and close alignment with the nation’s security priorities. It
will lead to stronger relationships with individuals and organizations across a broad spectrum
of stakeholders, including owners and operators of critical infrastructure, technology
innovators and security experts, and leaders from industry, all levels of government, and the
academic and nonprofit communities.
In addition, this strategic plan serves to harmonize planning efforts and strengthen the
agency’s unity of purpose and effort. It helps the agency move in a unified direction, even
when individual teams are focused on different efforts. Fostering coordination and
collaboration across the agency — and with the agency’s myriad stakeholders — is fundamental
to this strategic plan and the agency’s mission moving forward.