Private and Public Collaboration

Formerly Global Forum for Advanced Cyber Resilience

National Forum for Public-Private Collaboration

Several years ago, the Department of Defense created the Department of Defense Enterprise Service Management Framework (DESMF) to improve Service Management capabilities across the Department based on COBIT, ITIL, Lean Six Sigma, CMM, and ISO 20000. I felt Service Management has a core role to play in cyber resilience and creating and sustaining business value.I founded the National Forum for Public-Private Collaboration (NFFPC), a not-for-profit, as the means to utilize the value of the DESMF for public and private organizations as the core of our Foundation for Public-Private Collaboration.  This collaboration will help risk owners understand the business value of this and other standards and frameworks.

Foundation for Public-Private Collaboration

Recognizing the value of the DESMF, we copied the DESMF, removed DoD specific references, and called our version the Foundation for Public-Private Collaboration. The FPPC is intended to be a living document. It will be continually improved based on what emerges from its real world use by participating organizations while recognizing the value of using agile approaches.
Many industry and government leaders with whom I have spoken can see the clear benefits of collaboration between the public and private sectors to do this important work. A collaborative approach will enable us to connect the common threads that exist across sectors and topics. We recognize that cyber and other threats and business opportunities will continue to change at a rapid and accelerated. This combination of continual improvement and agility, therefore, need to play critical roles in our thinking.

I searched for "Cyber Security Summit" in quotes at Google today and there were 313,000 direct results.  Come down from the Summits and join us in the Fertile Valley of Public and Private Collaboration!

Charlie Tupitza
Chief Executive Officer
National Forum for Public-Private Collaboration


When the market understands and agrees on what needs to be done, it is easier for product and service providers to articulate real value to the right stakeholders in a way they can understand.

We must remove the inhibiting nature of standards and frameworks to enable innovative automation and understanding.

Prescriptive standards and frameworks outlining “how” in detail limit this.

We focus on What should be done over How and Who to achieve outcomes that deliver business value.

Hacking Agile Project/Program Management

Agility and portfolio, program and project management seem to be opposites; There are groups in both communities who feel that way. But are they really? And even if they once were, can we afford to continue with this thinking?  Portfolio, Program and Project Management still have key roles to play as the challenges organizations face are complex, complicated, and always changing. The real challenge is how to marry the benefits of agility with the value-add of Portfolio, Program and Project Management. . . . . . . .
Read more about this collaboration.

agile devops project management

Hacking the Cybersecurity Framework

The Cybersecurity Framework has been getting a lot of attention within government and the private sector of late. There is legislation being considered that seems to be leaning towards governing the implementation and audit of the Framework.
However, this Framework, like any other, is not something you implement; It is something you reference and take advantage of in a way that makes sense to your organization’s needs. . . . . . . .

Read more about this collaboration.

cyber security collaboration

Foundation for Public-Private Collaboration: Importance of Agility

“The Organization CIO Plan supports the organization's Strategic Management Plan and provides the requirements necessary for the CIO, to build agile and secure information technology capabilities to enhance mission and decision making while optimizing value.”

“Processes and services should be designed with sufficient flexibility to ensure that not only the current needs of the customer are addressed, but that future needs in technology and capacity are anticipated and accounted for as part of the service life-cycle.

Rationale: Customer requirements change rapidly in a cyber-environment and current processes must support agile service development and implementation.

Implications: Principles of agile development and understanding of concepts such as capacity on demand needs be applied to all areas of support and development.”

“The goal is to provide effective and resilient services enabled by agile decision making. Successful delivery of services drives mission alignment and customer satisfaction. The governance structure must allocate decision rights and accountability without becoming overly burdensome and counter-productive.”

Forum Sponsors  -  Coming Soon!

Technology Organization Sponsors

Staffing Organization Sponsors

Training Organization Sponsors

Government use of Lexicon

goernment use of FPPC common lexicon
Partial list of government using Forums selected common lexicon.

Private Sector use of Lexicon

Healthcare, Finance, Telecommunication, Hospitality, Commercial Facilities, Manufacturing, Defense Industrial Base, Dams, Chemical, Energy, Nuclear, Information Technology, Transportation, Non-Profit, Tribal, Water and Wastewater. Fifty-nine hundred companies, six hundred fifty groups, and over two million people listed on Linkedin with the lexicon we use, and eight million people globally certified.

Global use of Lexicon

United Kingdom, United States, Australia, Germany, Canada, Japan, Denmark, Sweden, China, The Netherlands, Belgium, France, Poland, Spain, Switzerland, Brazil, South Africa, Finland, Mexico, Singapore, Norway, India, New Zealand, Malaysia, Saudi Arabia, Ireland, Italy, Slovenia, Hong Kong.. others

The National Foundation for Public-Private Collaboration is creating easy to use guidance, based on the existing FPPC by incorporating support for cyber resilience into every lifecycle stage and process it describes. The guidance will show how every service management process should contribute to cyber resilience, and show how cyber resilience controls can contribute to each stage of the lifecycle and to each service management process. The resulting document will be published under a Create Commons License to ensure it can be reused for purposes such as:

  • Helping both public and private sector organizations to incorporate cyber resilience into how they manage their IT systems and services.
  • Fostering collaboration between information security and IT service management teams and organizations.
  • Helping organizations offering tools and consulting to integrate support of both cyber resilience and IT service management into their offerings.
  • Providing content of value available for consideration in future releases of the DESMF and other Frameworks, as well as Standards, and Methods.

What cyber resilience/security work matters to the business and what doesn't?

pittsburgh dc las vegas cyber security
Cybersecurity business value Baldrige criteria Boston Detroit Kennedy Space Center
salt lake Philadelphia washington

Contact us for more details including dates, agenda, and participation.
Call us: 202 735-4143 or e-mail at excellence@gfacr.org

Presidents Commission on Advancing Cybersecurity includes collaboration:

“…..Successful implementation of our recommendations will require significant commitment from both the public and private sectors and extensive cooperation and collaboration between the two. Indeed, enhancing the state of national cybersecurity will require the coordinated effort of a wide range of organizations and individuals……”  
Thomas E. Donilon Chair and Samuel J. Palmisano Vice Chair of the Presidents Commission on Enhancing National Cyber Security.

Find the report here: presidents-cybersecurity_report