The KEV Catalog
A list of Known Exploited Vulnerabilities.
CISA partners with other government agencies to protect our nation’s cyber and physical critical infrastructure. CISA has the mission to provide a common baseline of security across the Federal Civilian Executive Branch (FCEB) and to help agencies manage their cyber risk. Resources include tools, trainings, and information materials to prevent, protect against, and mitigate security incidents.
Featured Content
Solutions for Federal Agencies
The CDM Program helps federal civilian agencies better understand and improve their network defense strategies.
Government Coordinating Councils
Government Coordinating Councils (GCCs), comprised of representatives from across various levels of government, are formed to enable interagency and cross-jurisdictional coordination.
Executive Order on Improving the Nation's Cybersecurity
Key points of and CISA's role in the Executive Order on strengthening the cybersecyrity of federal networks and critical infrastructure.
Featured Articles
“SCuBA”? It means better visibility, standards and security practices for government cloud
CISA recently launched the Secure Cloud Business Applications (SCuBA) project to develop consistent, effective, modern, and manageable security configurations that will help secure agency information assets stored within cloud environments.
CISA Directs Federal Agencies to Improve Cybersecurity Asset Visibility and Vulnerability Detection
New binding operational directive establishes core actions to achieve operational visibility throughout federal civilian executive branch.
CISA Initiates Mobile Cybersecurity Shared Services to Enhance Federal Government Enterprise Mobile Security
CISA is pleased to announce the launch of its newest federal enterprise security initiative: mobile cybersecurity shared services that is piloting three capabilities to improve the security of GFE mobile devices,
Alerts & Directives
Emergency Directive 22-02 (Closed)
CISA has closed ED 22-02 and transitioned required actions for Log4J vulnerability to CISA’s BOD 22-01, which still requires agencies to fully remediate the Log4j vulnerabilities wherever updates are available across all impacted software.
Emergency Directive 22-03
CISA has identified vulnerabilities in VMWare products that pose an unacceptable risk to FCEB agencies and require emergency action.
Contact Your Regional Office
Services
CISA has compiled a list of free tools and services to help government agencies further advance their security capabilities. This living repository includes services provided by CISA, widely used open-source tools, and other free tools and services offered by private and public sector organizations.
Automated Indicator Sharing (AIS) Service
Automated Indicator Sharing (AIS) is a service that enables participants in the service to exchange cyber threat indicators with State, Local, Territorial, and Tribal governments and the private sector at machine speed.
CISA Gateway
The CISA Gateway provides various data collection, analysis, and response tools in one integrated system through a single user registration, management, and authentication process.
CISA Tabletop Exercise Packages
CISA Tabletop Exercise Packages are a comprehensive set of resources designed to assist stakeholders in conducting their own exercises and initiating discussions within their organizations about their ability to address a variety of threat scenarios.
Publications
CISA Cybersecurity Awareness Program Government Resources
Resources and materials for federal, state, and local government officials and employees to get informed about cybersecurity.
CISA Cybersecurity Awareness Program Law Enforcement Resources
Resources and materials to help law enforcement officials combat cybercrime and spread cybersecurity awareness in their community.
Partnering to Safeguard Localities from Cybersecurity Threats Toolkit
Municipalities across the United States are at risk of cyber intrusions,
with recent incidents demonstrating both potential impacts to critical
functions and unauthorized access to sensitive information.