CISA provides businesses and critical infrastructure partners with resources to identify, develop, and implement scalable security measures to build or improve capabilities across the private and public sectors. These resources allow industry partners to assess and identify vulnerabilities to critical infrastructure. They also enable businesses and critical infrastructure to prevent, protect against, respond to, and mitigate security incidents through technical assistance, training, and information sharing.
Business Continuity and Preparedness
CISA Tabletop Exercise Packages
CISA has an extensive scenario library and ready-to-use exercise packages—known as CISA Tabletop Exercise Packages (CTEPs). Each CTEP is customizable and includes template exercise objectives, scenarios, and discussion questions, as well as a collection of references and resources. Available scenarios cover a broad array of cybersecurity and physical security topics such as ransomware, election security, industrial control systems, pandemic, vehicle ramming, insider threat, active assailant, small unmanned aircraft systems (sUAS), and natural disasters.
Convergence Action Guide
CISA defines convergence as formal collaboration between previously disjointed security functions. This guide describes the risks associated with siloed security functions, benefits of convergence, a flexible framework for aligning security functions, and several case studies.
COVID-19 Vaccine Distribution Physical Security Measures
Organizations involved in the development and distribution of the COVID-19 vaccine should take proactive measures to enhance their overall physical security posture. To achieve secure and resilient vaccine distribution, workers within the supply chain and vaccine recipients should use available resources to assess suggested mitigation methods against physical security attacks. To help meet this need, CISA created the COVID-19 Vaccine Distribution Physical Security Measures infographic. This product provides a list of physical security resources available to the public to help facility owners and operators enhance physical security to protect workers and individuals.
CISA Tabletop Exercise Packages Training Workshop
CISA Exercises hosts monthly workshops to provide an overview of the CISA Tabletop Exercise Packages (CTEPs) and assists partners in using the CTEPs in their organizations. The workshops provide an opportunity for stakeholders to ask questions and provide feedback on the CTEPs, as well as learn more about the variety of CTEPs available.
DHS encourages businesses to Connect, Plan, Train, and Report. Applying these four steps in advance of an incident or attack can help business owners and their employees better prepare and proactively think about the role they play in the safety and security of their businesses and communities.
Stakeholder Exercise Planning and Conduct
CISA Exercises uses the Homeland Security Exercise and Evaluation Program (HSEEP) methodology to design, develop, conduct, and evaluate exercises ranging from small-scale, limited-scope, discussion-based exercises (e.g., two-hour seminars) to large-scale, internationally-scoped, operations-based exercises (e.g., multi-day, full-scale exercises).
Additional DHS Resources:
Critical Infrastructure Security and Resilience Courses
These courses aim to train and educate the critical infrastructure community through security awareness and sector-specific courses. DHS developed these courses in conjunction with federal, state, local, tribal, and territorial government partners, critical infrastructure owners and operators, and private sector partners to support the implementation of the National Infrastructure Protection Plan (NIPP).
FEMA Center for Domestic Preparedness
The FEMA Center for Domestic Preparedness (CDP) provides advanced, all-hazards training to approximately 50,000 emergency responders annually from state, local, tribal, and territorial governments, as well as the federal government, foreign governments, and private entities. The scope of training includes preparedness, protection, and response.
FEMA Emergency Management Institute
The FEMA Emergency Management Institute (EMI) is the flagship training institution for the emergency management community and provides training to federal, state, local, tribal, volunteer, public, and private sector officials to strengthen core competencies for professional, career-long training.
Homeland Security Information Network-Critical Infrastructure
The Homeland Security Information Network (HSIN) serves as the primary information sharing platform between critical infrastructure sector stakeholders and government. HSIN-Critical Infrastructure (HSIN-CI) enables federal, state, local, and private sector critical infrastructure owners and operators to communicate, coordinate, and share sensitive and sector-relevant information to protect critical assets, systems, functions, and networks.
CISA Regional Services
This service helps critical infrastructure owners and operators understand their role and function in the broader critical infrastructure sector. Protective Security Advisors (PSAs) conduct these visits with critical infrastructure facility representatives to help build relationships and enhance communication.
CISA Regional Office Fact Sheets
CISA Regional Offices, located throughout the U.S., deliver trainings, exercises, programs, and other resources to critical infrastructure owners and operators.
Infrastructure Survey Tool
Protective Security Advisors (PSAs) conduct this voluntary, web-based security survey with facility owners and operators to identify and document a facility's overall security and resilience.
Infrastructure Visualization Platform
This platform supports critical infrastructure security and response operations by integrating high-resolution, interactive data, as well as additional assessment information.
Protective Security Advisors
Protective Security Advisors (PSAs) engage with federal, state, local, tribal, and territorial (FSLTT) government partners, businesses, and critical infrastructure owners and operators in their regions to offer steady-state DHS risk mitigation tools, products, and services. PSAs also support National Special Security Events (NSSEs) and Special Event Assessment Rating (SEAR) events; assist with responses to all-hazard incidents through field-level coordination and information sharing; and provide expertise on reconstituting affected critical infrastructure.
Security Assessment at First Entry
The Security Assessment at First Entry (SAFE) tool is designed to help facility owners and operators evaluate current physical and operational security practices and explore opportunities to protect against threats. These assessments are conducted by Protective Security Advisors (PSAs) and provide a high-level review of the security posture and mitigation options for a facility.
Election Security Resource Library
This library provides state and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks, and systems from cyber and physical threats.
Identify Suspicious Behavior
Employee Vigilance – Power of Hello
This library provides state and local governments, election officials, campaigns, vendors, and voters with voluntary tools to secure election-related assets, facilities, networks, and systems from cyber and physical threats.
Fact Sheet – Insider Threat Mitigation Program
This fact sheet provides resources to help organizations design a comprehensive program that protects against insider threats.
Insider Threat Mitigation Web Page
This web page explains ways to help organizations detect, assess, and manage insider threats before it can threaten the workforce.
No Reservations: Suspicious Behavior in Hotels
This video helps hotel employees rapidly identify and report suspicious activities and threats by highlighting suspicious activity indicators. It is also available in Spanish.
Power of Hello Slick-Sheet and Placemat
These products provide stakeholders with information to assist in identifying and effectively responding to suspicious behavior.
Recognize Suspicious Small Unmanned Aircraft Systems Poster and Postcard
This poster and postcard explain how small unmanned aircraft systems (sUAS) are used for a range of tactical and recreational purposes, but can also be used to cause serious harm to individuals and infrastructure.
Suspicious Behavior Advisory Posters
These resources help businesses, first responders, and local governments identify suspicious activities and behaviors to prevent the illicit sale of explosive precursor chemicals and components. The posters are available under the Suspicious Activities and Bomb Threats – What to Do section of the TRIPwire website.
Additional DHS Resources:
Suspicious Activity Reporting Private Sector Security Training Overview
This Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) training module helps private sector security personnel recognize suspicious behaviors associated with terrorism activities; understand how and where to report suspicious activities; and protect privacy, civil rights, and civil liberties when documenting information.
Prepare and Respond to Active Assailants
Active Shooter Emergency Action Plan Video, Guide, and Template
These resources describe the fundamental concepts for developing an Emergency Action Plan (EAP) to respond during an active shooter situation, including important considerations for EAP development. The video shows first-hand perspectives from active shooter survivors, first responder personnel, and other subject matter experts. The guide and template supplement the Active Shooter EAP video. Together, the guide, template, and video create a virtual training tool designed to help develop an organization’s Active Shooter EAP.
Guide & Template: cisa.gov/publication/active-shooter-emergency-action-plan-guide
Active Shooter Preparedness: Access & Functional Needs – What You Should Know
This video provides information organizations can incorporate into an Emergency Action Plan (EAP) to protect individuals with access and functional needs during an active shooter incident.
Active Shooter Recovery Guide
This guide provides information on establishing a recovery process and outlines the necessary actions for short-term and long-term recovery following an active shooter incident.
Active Shooter Workshop
These scenario-based workshops include facilitated discussions to train private sector professionals and law enforcement representatives from federal, state, and local agencies to prepare for and respond to an active shooter situation. Workshop participants evaluate current response concepts, plans, and capabilities for coordinated responses to active shooter incidents.
Mass Gatherings – Security Awareness for Soft Targets and Crowded Places
This guide identifies how businesses can prepare for and mitigate future attacks, including recommended protective measures and actions to consider.
Protecting Infrastructure During Public Demonstrations
This fact sheet offers security recommendations for businesses during public demonstrations. The document also provides options to mitigate risk and access to CISA resources to assist with decision-making.
Protecting Patrons in Outdoor Eating Venues
This fact sheet identifies security measures for restaurants conducting business outside. COVID-19 guidelines led restaurants to set up tables outside, creating potential vulnerabilities. It identifies threats such as vehicle ramming and includes security measures to help mitigate threats.
Prevent and Respond to Bombings
Bomb-Making Materials Awareness Program
The Bomb-Making Materials Awareness Program (BMAP) is designed to promote bomb-making materials (BMM) awareness and reporting of suspicious activity to prevent the intentional misuse of common consumer goods to make improvised explosive devices (IEDs).
Bombing Prevention Lanyard Cards
These quick reference lanyard cards provide key reminders and actions related to bombing prevention, including recommended actions during a bombing incident.
Counter-Improvised Explosive Devices Training Courses
These courses provide general information and strategies to prevent, protect against, respond to, and mitigate bombing incidents. To request direct delivery trainings, please contact your local Protective Security Advisor (PSA) or email OBP@cisa.dhs.gov. For more information or a full list of counter-improvised explosive devices (C-IED) and Risk Mitigation trainings, visit the C-IED Training Courses Website or the C-IED and Risk Mitigation Training Fact Sheet.
DHS-Department of Justice Bomb Threat Guidance
This quick reference guide provides information on threat preparation, threat assessment considerations, staff response guidelines, and evacuation and shelter-in-place considerations.
Security and Resiliency Guide: Counter-Improvised Explosive Device Concepts, Common Goals, and Available Assistance
This guide and corresponding annexes provide individuals, businesses, first responders, and law enforcement with guidance to enhance preparedness for potential improvised explosive device (IED) incidents in their communities. The guide includes risk information, a framework of 10 common counter-IED (C-IED) preparedness goals, planning considerations, and available federal resources. It is complemented by five annexes with additional information relevant to venues at high risk for IED-related incidents, such as lodging, outdoor events, public assembly, and sports leagues and venues.
Sports and Entertainment Venues Bombing Prevention Solutions Portfolio
This tool is a one-stop-shop for training, products, and resources that support sports and entertainment organizations and venues with building counter-improvised explosive device (C-IED) capabilities. This interactive product connects organizational leadership with C-IED resources to empower venue personnel to play an active role in security.
CISA’s Office for Bombing Prevention (OBP) developed and maintains TRIPwire, the DHS Technical Resource for Incident Prevention. It serves as a 24/7 collaborative information-sharing network for bomb squads, first responders, military personnel, government officials, intelligence analysts, and security professionals. TRIPwire combines expert analyses and reports with relevant documents, images, and videos gathered directly from terrorist source materials to help users anticipate, identify, and prevent Improvised Explosive Device (IED) incidents. The site requires registration to access information or partners can log in using a HSIN account.
What to Do – Bomb Threat: Bomb Threat Training Video
This video, developed in partnership with the University of Central Florida and International Association of Chiefs of Police, demonstrates what to do in the event of a phoned-in bomb threat.
What to Do – Training Video Series
This training video series (TVS) communicates threats posed by and how to react to improvised explosive devices (IEDs). This includes videos on suspicious vs. unattended items, bomb searches, surviving a bombing attack, and bomb threats.
Protect Against Small Unmanned Aircraft Systems
Cybersecurity Best Practices for Operating Commercial Small Unmanned Aircraft Systems
This guide provides cybersecurity best practices to help commercial operators protect their networks, information, and personnel. Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating small unmanned aircraft systems (sUAS) into their operational functions. Although sUAS offer benefits to their operators, they can also pose cybersecurity risks.
Small Unmanned Aircraft Systems and Critical Infrastructure – Understanding the Risk Video
This video provides information on critical infrastructure challenges associated with small unmanned aircraft systems (sUAS), counter-UAS security practices, actions to consider for risk mitigation, and specific preparedness efforts for facilities and organizations. It can be found under the sUAS and Critical Infrastructure – Understanding the Risk tab.
Small Unmanned Aircraft Systems Frequently Asked Questions
This site provides answers to common questions about small unmanned aircraft systems (sUAS) for critical infrastructure owners and operators.
Unauthorized Drone Activity Over Sporting Venues
This document presents options for sporting venue owners and operators to consider to prevent, protect from, and respond to unauthorized drone activity.
Small Unmanned Aircraft Systems: Addressing Critical Infrastructure Security Challenges
This fact sheet provides an overview of sUAS-related threats and actions owners and operators can take to protect their facilities.
Small Unmanned Aircraft Systems Critical Infrastructure Drone Pocket Card
This card provides a quick reference guide for critical infrastructure security and operations officers and the general public on how to report small unmanned aircraft systems (sUAS) activity, including what information to share and what actions to take.
Protect, Screen, and Allow Access to Facilities and Venues
Commercial Facilities Publications: Protective Measures Guides
These guides provide businesses with an overview of threats and offer suggestions for planning, coordinating, and training activities that contribute to a safe environment for guests and employees. They are For Official Use Only (FOUO), but businesses can request access through the Commercial Facilities page of the Homeland Security Network-Critical Infrastructure (HSIN-CI), which requires registration.
- Protective Measures Guide for U.S. Sports Leagues
- Protective Measures Guide for the U.S. Lodging Industry
- Protective Measures Guide for Mountain Resorts
- Protective Measures Guide for Outdoor Venues
- Protective Measures Guide for Commercial Real Estate
Dams Sector Active and Passive Vehicle Barriers Guide
This guide assists dam owners and operators in understanding various types of active and passive vehicle barriers and how to incorporate them into their overall security plan. It also provides technical information to assist owners and operators in properly designing protective schemes and selecting vehicle barriers and their safety and security systems.
Evacuation Planning Guide for Stadiums
This guide helps stadium owners and operators prepare evacuation plans and determine when and how to evacuate, shelter-in-place, or relocate. It also includes a template to create a plan based on policies and procedures of state and local governments, surrounding communities, and specific stadium characteristics.
Patron Screening Best Practices Guide
This guide provides options for businesses to develop and implement patron screening procedures for major sporting events, concerts, horse races, award ceremonies, and similar gatherings.
Protecting Patrons During the Holiday Shopping Season
This resource provides potential security measures for shopping venues during the holiday season and identifies suspicious behaviors, protective measures, and resources to enhance security.
Public Venue Bag Search Procedures Guide
This guide provides suggestions for developing and implementing bag search procedures at venues hosting major events. Venue owners, operators, and event organizers should engage local partners to implement the procedures outlined in this guide.
Public Venue Credentialing Guide
This guide offers best practices for developing and implementing credentialing procedures at venues hosting a variety of public gatherings.
Vehicle-Borne Improvised Explosive Device Identification Guide and Video
This guide is designed for stakeholders tasked with identifying suspected vehicle-borne improvised explosive devices (VBIEDs) and provides instruction for vehicle search techniques for law enforcement, bomb squads, hazardous materials (HAZMAT) teams, and other emergency and security personnel. The Vehicle Inspection Guide, Vehicle Inspection Video, and VBIED Identification Guide are all available to registered users on TRIPwire.
Safeguard and Secure Cyberspace
Assessments: Cyber Resilience Review
The Cyber Resilience Review (CRR) is a no-cost, voluntary, non-technical assessment to evaluate an organization's operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by CISA cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains, including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience, as well as provide a gap analysis for improvement based on recognized best practices.
Avoiding Social Engineering and Phishing Attacks Security Tip
This security tip describes social engineering tactics, techniques, and procedures linked to cyber criminals. It also details common indicators related to social engineering attacks and how to avoid falling for these methods.
CISA Community Webinars
These cybersecurity webinars provide information on cyber risk management practices, tools, and procedures. Past webinars have focused on COVID-19 Response: Lessons Learned on Cybersecurity and Resilience in a Pandemic; Smart Cities; and 5G: Security and Vulnerabilities.
CISA Cyber Essentials
This campaign is for small businesses and local government agencies to understand and address cybersecurity risk. Cyber Essentials includes two parts – guiding principles to develop security culture and specific actions for leaders and IT professionals.
Cybersecurity Advisors (CSAs) offer assistance to help prepare and protect private sector entities and state, local, tribal and territorial (SLTT) governments from cybersecurity threats. CSAs promote cybersecurity preparedness, risk mitigation, and incident response capabilities, working to engage stakeholders through partnership and direct assistance activities.
Cyber Resource Hub
This site provides cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other elements that comprise a robust cybersecurity strategy.
Cybersecurity Resources Road Map: A Guide for Critical Infrastructure – Small and Midsize Businesses
This guide helps businesses identify cybersecurity resources that best align with their needs.
National Cyber Awareness System
The National Cyber Awareness System (NCAS) provides cybersecurity advisories and alerts via social media, news syndication, and email.
Telework Essentials Toolkit
This toolkit is designed to help business leaders, IT staff, and end users transition to a secure, permanent telework environment through simple, actionable recommendations. It provides three modules tailored for executive leaders, IT professionals, and teleworkers.