Critical Infrastructure Assessments
The Cybersecurity and Infrastructure Security Agency (CISA) conducts specialized security and resilience assessments on the nation's critical infrastructure. These voluntary assessments assist CISA and its partners—federal, state, tribal, territorial governments and private industry—in better understanding and managing risk to critical infrastructure. The assessments examine infrastructure vulnerabilities, interdependencies, capability gaps, and the consequences of their disruption. Security and resilience assessments, combined with infrastructure planning programs and capabilities, forms a holistic approach to enhance critical infrastructure resilience to all hazards.
These voluntary, nonregulatory assessments are a foundational element of the National Plan's risk-based implementation of protective programs designed to prevent, deter, and mitigate the risk of a terrorist attack while enabling timely, efficient response and restoration in an all-hazards, post-event situation.
Because most U.S. critical infrastructure is privately owned, the effectiveness of CISA assessments depends upon the voluntary collaboration of private sector owners and operators. CISA's Protective Security Advisors (PSAs) work locally to foster this collaboration and facilitate technical assistance to support enhancement of the security and resilience of the Nation's critical infrastructure. Assessments are offered through the PSAs at the request of critical infrastructure owners and operators and other state, local, tribal, and territorial officials.
Assessments and National Preparedness
CISA's security and resilience assessments support the National Preparedness Goal's five mission areas of prevention, protection, mitigation, response and recovery. In particular, CISA's infrastructure assessments conducted prior to and after a disaster support the response and recovery missions, via Emergency Support Function #14 (Cross Sector Business and Infrastructure) and the Infrastructure Systems Recovery Support Function. These assessments provide partners with invaluable insights to understand how interconnected infrastructure depend upon one another and how to best meet the needs of the affected community.
Types of Assessments Offered
CISA maintains several infrastructure assessments to address different scales of infrastructure (e.g., individual assets, systems, regional networks) and facets of security and resilience. Information on these assessments and capabilities can be found here.