Government Resources
Explore these no-cost resources to help you protect your organization.
Cybersecurity Resources for Government Leaders at All Levels
Check out these resources to support you in building a culture of cybersecurity in your organization.
CISA Regional Offices
Our regionally based security advisors deliver a variety of risk management and support services that assess risk level and increase stakeholder resiliency. Visit cisa.gov/about/regions to connect with one of our security advisors who can guide you to the most impactful services for your organization's unique needs.
Printable Fact Sheets
Four Cybersecurity Essentials for SLTTs: CISA's cybersecurity services that support the security and resilience of our SLTT partners.
Four Cybersecurity Essentials for SLTTs: Get Cybersecurity Best Practices for SLTTs #1-4 in one handy, printable summary.
- Level Up Your Defenses for SLTTs: Get Cybersecurity Best Practices for SLTTs #5-9 in one handy, printable summary.
Online Training
- How to Protect the Data that is Stored on Your Devices: Learn how to encrypt the data that is stored on your devices with this short text-based training.
Use a Password Manager to Create and “Remember” Strong Passwords: Learn how password managers enhance security and reduce the burden of remembering complex passwords.
Grant Programs
- State and Local Cybersecurity Grant Program: Apply for this federal program to help you build the protections you need, despite any resource constraints that can hamper your cybersecurity efforts.
Tribal Cybersecurity Grant Program: Apply for this federal program to help you build the protections you need, despite any resource constraints that can hamper your cybersecurity efforts.
Other Information & Resources
- State, Local, Tribal and Territorial Government: Get the latest news, alerts, directives, and services available to SLTTs, and links to CISA regional offices.
Share These No-Cost CISA Resources with Your IT Team
Level up your defenses with free tools, best practices, and threat insights tailored for your IT team. Even resource-constrained SLTT organizations can implement critical cybersecurity safeguards.
Cyber Threat Tools
- CISA Tabletop Exercise Packages (CTEP): Helps you initiate discussions in your organization about cybersecurity and other threat scenarios.
- Cyber Hygiene Services: Reduce your risk significantly with CISA’s no-cost vulnerability scanning and web application scanning.
- Cybersecurity Alerts & Advisories: Find all published alerts and advisories and filter by Audience, Sector, Topic, more.
- Known Exploited Vulnerabilities (KEV) Catalog: Consider this your authoritative source of vulnerabilities that have been exploited in the wild.
- Malcolm: Track and analyze network traffic with this no-cost open source tool for OT/ICS systems. Perfect for small to medium manufacturing or water/wastewater plants, healthcare facilities, etc.
- Malcolm YouTube Playlist: Get started with Malcolm by watching these training videos.
- Malcolm Learning Tree: Discover Malcom’s training tools and learn how to deploy, configure, and use Malcolm.
- Malware Analysis: Submit malware samples and get a comprehensive analysis.
- Secure Cloud Business Applications (SCuBA): Assess and harden your software-as-a-service (SaaS) configurations with this no-cost tool that supports best practices like MFA, strong passwords, and audit logging.
- Secure Cloud Business Applications (SCuBA) YouTube Playlist: Get started with SCuBA by watching these training videos.
Stop Ransomware: Check out the US Government’s official one-stop location for resources to tackle ransomware more effectively.
General Cybersecurity Guidance
- Choosing Secure and Verifiable Technologies: Use this guidance to help you select technology that is secure by design.
- Cross-Sector Cybersecurity Performance Goals: Share with your IT team to prioritize cybersecurity practices.
- Cyber Resilience Review: Use the self-review tool or request a no-cost, on-site facilitated session to evaluate your organization’s operational resilience and cybersecurity practices.
Infrastructure Resilience Planning Framework: Incorporate critical infrastructure resilience considerations into your organization’s planning.
Encryption
- Encryption: Find best practices and high-level advice.
Post-Quantum Cryptography Initiative: Prepare for the impact of quantum computing on encryption by exploring CISA’s guide. Learn how SLTT organizations can begin planning for this new technology to protect critical data and infrastructure.
Information Sharing
- Automated Indicator Sharing (AIS): Take advantage of this no-cost service for real-time exchange of machine-readable cyber threat indicators and defensive measures between public and private-sector organizations. AIS helps to protect participants and ultimately reduce the prevalence of cyberattacks.
- Report a Cyber Issue: Submit this form to securely send CISA cyber incident details for timely analysis and response.
- Reporting a Cyber Incident: Help even more by also reporting to your state or local Fusion Center, FBI field office, and the FBI Internet Crime Complaint Center.
Voluntary Cyber Incident Reporting: Learn more about why, when, what, and how to report cyber incidents.
Logging
- Logging Made Easy Tool: Take advantage of this no-cost log management and threat detection solution.
Logging Made Easy YouTube Playlist: Get started with the LME tool by watching these training videos.
Migrating to the .gov Domain
get.gov: Find everything you need to know to request a .gov domain at this CISA-run site.
Multifactor Authentication (MFA)
- Implementing Phishing-Resistant MFA Fact Sheet: Read for an explanation of phishing-resistant MFA compared to other formats and high-level information on implementing it.
- Implement Strong Authentication Guide: Learn how to use strong authentication methods to protect your organization with this comprehensive guide.
- Implementing Number Matching in MFA Applications: Gain an understanding of the vulnerabilities of mobile push notification style MFA and why you should transition to phishing-resistant forms.
SLTT Security Operations Center (SOC) Call Event
Event Details
- Date: Every 1st and 3rd Wednesday
- Time: 1:00pm - 2:00pm ET
- Location: Virtual
- Registration: Email Cyberliasionsltt@cisa.dhs.gov
Cyber threats around the nation are exposing vulnerabilities in state, local, tribal and territorial (SLTT) infrastructure. In response, the Cybersecurity and Infrastructure Security Agency’s (CISA) SLTT team developed the SLTT SOC Call to provide timely updates and expert recommendations regarding pressing cyber threats and vulnerabilities to strengthen cyber defense in the SLTT community.
Purpose
The SLTT SOC Call facilitates a technical exchange and discussion on important cybersecurity issues affecting SLTT entities and the wider cyber community. Additionally, it provides opportunities to learn more about CISA’s services and resources to bolster the security posture of SLTT’s cyber networks.
Who Can Participate
Members of the SLTT community interested in making their organizations more cyber secure.