The Cybersecurity and Infrastructure Security Agency (CISA) conducts specialized security and resilience assessments on the Nation’s critical infrastructure. These voluntary assessments assist CISA and its partners—federal, state, tribal, territorial governments and private industry—in better understanding and managing risk to critical infrastructure. The assessments examine infrastructure vulnerabilities, interdependencies, capability gaps, and the consequences of their disruption. Vulnerability assessments, combined with infrastructure planning resources developed through the Infrastructure Development and Recovery program, forms an integrated planning and assessment capability. This suite of capabilities, methods, and tools support the efficient and effective use of resources to enhance critical infrastructure resilience to all hazards.
These voluntary, nonregulatory assessments are a foundational element of the National Infrastructure Protection Plan's risk-based implementation of protective programs designed to prevent, deter, and mitigate the risk of a terrorist attack while enabling timely, efficient response and restoration in an all-hazards, post-event situation.
Because most U.S. critical infrastructure is privately owned, the effectiveness of CISA assessments depends upon the voluntary collaboration of private sector owners and operators. CISA’s Protective Security Advisors (PSAs) work locally to foster this collaboration and facilitate technical assistance to support enhancement of the security and resilience of the Nation's critical infrastructure. Assessments are offered through the PSAs at the request of critical infrastructure owners and operators and other state, local, tribal, and territorial officials.
Assessments and National Preparedness
CISA’s security and resilience assessments support the National Preparedness Goal’s five mission areas of prevention, protection, mitigation, response and recovery. In particular, CISA’s infrastructure assessments conducted prior to and after a disaster support the response and recovery missions, via Emergency Support Function #14 (Cross Sector Business and Infrastructure) and the Infrastructure Systems Recovery Support Function. These assessments provide partners with invaluable insights to understand how interconnected infrastructure depend upon one another and how to best meet the needs of the affected community.
Types of Assessments Offered
CISA maintains several infrastructure assessments to address different scales of infrastructure (e.g., individual assets, systems, regional networks) and facets of security and resilience:
- Security Assessment at First Entry
- Infrastructure Survey Tool
- Infrastructure Visualization Platform
- Regional Resiliency Assessment Program
For more information on any of these voluntary vulnerability assessments or the Infrastructure Protection Report Series, please email ISDAssessments@cisa.dhs.gov.