The work of our Enterprise Cybersecurity team is guided by three strategic priorities: protect data and infrastructure, manage cyber risks to the business, and build operational excellence and resiliency. With these in mind, the team fulfills its mission of protecting our firm's data and infrastructure while enabling us to adapt for continued business growth and evolving client requirements. In FY23, Booz Allen renewed its focus on data protection tools, such as sensitivity labels, and internal processes, such as data loss prevention (DLP).
In FY23, Booz Allen continued to build operational excellence and resiliency by maintaining a “SHIELDS UP!” posture, reflecting U.S. Cybersecurity and Infrastructure Security Agency (CISA) guidance in response to Russia's invasion of Ukraine. The Enterprise Cybersecurity team uses information from the government, private information-sharing organizations, paid commercial sources, and open-source intelligence to inform preventative controls, detection capabilities, and response procedures and to brief leaders throughout the firm. The team closely monitors the firm's attack surface to ensure vulnerabilities are identified, mitigated, and remediated before attackers can exploit them, remediating well over 1 million vulnerabilities during FY23. It also conducts frequent, unannounced Red Team operations (offensive security experts who engage in exercises to attack an organization's cybersecurity defenses) against our cyber defenders to validate detection and response procedures while using automated adversary emulation to validate security controls.
We take steps to ensure suppliers will protect Booz Allen information and entrusted information in compliance with applicable legal, regulatory, and contractual requirements. We include provisions in our supplier agreements that incorporate applicable information security requirements, and we require our suppliers to confirm their compliance with these requirements. Depending on the nature of a supplier's work and the sensitivity of the Booz Allen and entrusted information provided to the supplier, we require suppliers to complete our security questionnaires (based on data categorization) and provide evidence of security accreditations (e.g., ISO 27001, SOC 2 Type 2), and we evaluate supplier compliance with security requirements using internal and third-party resources.
Our cybersecurity program is designed to protect assets, such as our networks and data centers and the information they transmit and store. As a member of the Defense Industrial Base (DIB), Booz Allen is subject to mandatory assessment by the Defense Contract Management Agency (DCMA). In FY23, we prepared for the assessment, which was completed in June 2023 at a Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) High Confidence Level.
Given the highly sensitive nature of much of our client work, we prioritize cybersecurity. Our people utilize technology and best practices to help protect our networks, systems, and data assets. Further, we work closely with our suppliers to minimize cybersecurity risks and, as appropriate, flow down applicable laws and regulations.