Among the goals listed:
Provide and Maintain Infrastructure
Provide Capital Markets and Investment Activities
Provide Consumer and Commercial Banking Services
Provide Funding and Liquidity Services
Provide Identity Management and Associated Trust Support Services
Provide Insurance Services

“The National Critical Functions construct provides a risk management approach that focuses on better
understanding the functions that an entity enables or to which it contributes, rather than focusing on a
static sector-specific or asset world view. This more holistic approach is better at capturing cross-cutting
risks and associated dependencies that may have cascading impact within and across sectors.

The DHS also talks of resiliency, which suggests not just preventing an attack but surviving it, even at it may continue. It is a point Accenture makes in its recent report: “Extreme but Plausible Threat Scenarios In Financial Services.”

“

CISA also calls for a tired risk register.

“By performing risk and dependency analysis and consequence modeling, CISA will identify scenarios that could potentially cause national-level degradation to National Critical Functions. This will result in a tiered Risk Register – prioritizing areas of national risk to critical infrastructure in need of mitigation and collective action.”

CISA said it is looking for information to help answer the
question of “what keeps you up at night.”

In addition to financial services, communications and the internet rank high in its list of critical functions: