Reimagining CISA's Service Delivery: The CISA Services Catalog & Beyond

Author: Bradford Willke, Assistant Director (AD), Cybersecurity and Infrastructure Security Agency (CISA) 

When I reflect on all CISA has accomplished toward its mission, I often find it hard to believe that this Agency is just over a year old. Yet, in that short time, CISA has played a critical role in making the nation more resilient. We have helped defend the American people and our critical infrastructure against threats ranging from foreign adversaries to the impacts of biological hazards. We have done so on a range of fronts, from cyberspace to physical spaces, industrial control systems to supply chains and voting booths. As a result, the nation’s ability to maintain essential services and the flow of goods, to protect businesses and networks, to keep the lights on and water running, to provide public safety and secure democracy – and several other areas, which we refer to collectively as National Critical Functions – are stronger than ever before.   

CISA is not alone in this fight. We partner with a diverse range of stakeholders from all levels of government and all corners of the private sector who have joined us in our mission to defend today, secure tomorrow. 

As the nation’s risk advisor, CISA’s role is to mobilize the nation’s critical infrastructure to form a collective defense against the threats we face. A collective defense means supporting the critical infrastructure community in maintaining an appropriate level of security and resilience through active risk management and continuous capacity building. CISA leads these efforts by providing tools and services that fill key gaps in the security of critical infrastructure and other entities, establish relationships to help with defense operations, and increase our visibility into the risk posture of the nation. Through these actions, our goal is to function as our partners’ “front door” to the government on issues related to cybersecurity and critical infrastructure protection.

Today, I am excited to provide our partners with the key to opening that door: the CISA Services Catalog. This catalog is unlike any we have published before. For the first time ever, we have compiled more than 50 services CISA offers from across all of its mission areas into a single resource. Moreover, this catalog is interactive and responsive to filters, allowing users to quickly and seamlessly access services tailored to their individual needs and circumstances with just a few clicks. So, whether you are one of our partners in private industry or local government; seeking assistance in cybersecurity or securing infrastructure; or looking for how you can enhance capabilities or assess vulnerabilities; you will find the information you need along with direct links to CISA personnel ready to assist you on your resilience journey. 

Like other providers of products and services, we know you have choices. At CISA, we want to be valuable and accessible to you, if not also distinguished, comprehensive, and effective in our service delivery. CISA’s vantage point as a convener of many stakeholder communities allows us to proudly stand at the intersection of industry, international, intelligence, non-profit, academia, and federal, state and local partners, to create a unique perspective on cybersecurity and infrastructure security issues, and to best understand stakeholder requirements and these services in a larger risk context. I ask you to challenge us in these assumptions by using the Catalog, availing yourself to these services, providing us the opportunity to work with and for you, and measuring with us how far we have come and yet to go in achieving our collective defense.   

This Catalog also illustrates where we’re taking CISA more broadly, particularly with our stakeholder-centric approach to managing national risk and resilience. This Catalog is an invitation to partner with us as much as it is a library of services. We think of partnership as a bi-directional service. Your partnership allows us to better tailor our products, services and engagements to your most immediate priorities and capabilities; it also allows us to give you a seat at the table to join us in better understanding the unique risk environments of your sectors to identify and implement solutions. Partnership is the essence of collective defense, and this approach continues to yield results.   

Finally, thanks to your partnership, CISA is currently developing several initiatives aimed at better supporting our stakeholders, to tailor their experience with CISA and optimize their risk management efforts. Part of this involves our efforts to map each of our products, services, and resources to stakeholder capability levels and desired outcomes. The goal is to eventually be in a position to provide our stakeholders with the ability to plot a customized roadmap to greater resilience that is optimized to their circumstances. Another initiative is to develop a comprehensive intake process that will link individual stakeholders to a dedicated CISA representative whose role is to serve as the stakeholder’s advisor, understanding their resilience goals and stewarding them through CISA’s suite of offerings to get them there.   

This is only the beginning. I encourage you to open the door to greater resilience for your organization by exploring the CISA Services Catalog.

Thank you for your partnership,  

Bradford Willke  

Taxonomy Topics