Under FITARA, the visibility and intelligence that CIOs are expected to have about their agencies’ IT domains will also inform their CISOs about where critical assets exist that require better defenses and where vulnerabilities exist that require remediation.