Critical Manufacturing Sector Resources

DHS offers a variety of Critical Manufacturing Sector resources specifically created for stakeholders and owner operators.

Homeland Security Information Network - Critical Infrastructure

The Homeland Security Information Network (HSIN) is the trusted network for homeland security mission operations to share Sensitive But Unclassified (SBU) information. The Critical Infrastructure community on HSIN (HSIN-CI) is the primary system through which private sector owners and operators, DHS, and other federal, state, and local government agencies collaborate to protect the nation's critical infrastructure. HSIN-CI provides real-time collaboration tools including a virtual meeting space, document sharing, alerts, and instant messaging at no charge to participants. HSIN-CI provides the capability to:

  • Receive, submit, and discuss timely, actionable, and accurate information.
  • Communicate information pertaining to threats, vulnerabilities, security, and response and recovery activities affecting sector and cross-sector operations.
  • Maintain a direct, trusted channel with DHS and other vetted sector stakeholders.

Private Sector Clearances

DHS re-established the DHS Sponsored Private Sector Security Clearance Program in May 2013. This program allows critical infrastructure owners and operators to apply for a "secret" level security clearance. By having this security clearance, you can help us better share classified information relevant to the security and resilience of the Nation's critical infrastructure.

For more information, contact

Business Continuity Planning Suite

With the broad range of threats that businesses face today, an easy-to-use business continuity planning solution is more important than ever. Companies, ranging from small businesses to large enterprises, emphasize the value in ensuring that, in the event of a disruptive incident, operations and vital functions can continue without a severe drop in services. The Business Continuity Planning (BCP) Suite meets this need by enabling businesses to create, improve, or update their business continuity plans.

For more information on the Business Continuity Planning Suite, please email

Suite Components

The Suite is user-friendly and scalable for optimal organizational use. It consists of three main components:

  • BCP training.
  • Automated BCP and disaster recover plan (DRP) generators.
  • A self-directed exercise for testing an implemented BCP.

Business Continuity Training

A 30-minute, video-based course examines the importance of business continuity plans and prepares users to write their own plans in three main segments:

  1. What is business continuity planning?
  2. Why is business continuity planning important?
  3. What is the planning process?

The training contains an introductory video and interviews with an individual who has already successfully prepared and implemented a plan. After completing the training, you will have a basic understanding of business continuity, the process of completing a BCP, and the motivation to complete your own plan using the Suite's generator.

Business Continuity and Disaster Recover Plan Generators

The Suite's BCP and DRP Generators guide businesses through the process of writing their own plans.

  • The BCP Generator builds a plan that guides a company through any disruption to a return to normal operations.
  • The DRP Generator develops a plan specific to the recovery of information technology systems.

Both Generators have a "Save and Exit" feature that allows plans to be completed incrementally if needed. A "Print" option also allows hard copies to be produced and handed out as needed.

Business Continuity Plan Table-Top Exercise

The final component of the Suite is a self-directed exercise that tests your plan and allows users to gauge the effectiveness of their BCP and DRPs. This exercise focuses on a business's recovery efforts following selected disruptions from a broad spectrum of threats, including hurricanes, earthquakes, ice storms, or power blackouts.

The goal of the exercise is to improve a business's overall recovery capabilities and collective decision-making process, while facilitating a thought-provoking exchange of ideas to help develop and expand existing knowledge of policies and procedures.

Critical Manufacturing Roadshow

This road-show meeting with Critical Manufacturing Sector Coordinating Council (SCC) members is held in the Washington, D.C. area. This roadshow showcases the activities of the Department of Homeland Security and other United States Government entities as they strive to meet the information needs and provide necessary tools for the Critical Manufacturing SCC to enhance its awareness and resilience while building public-private partnerships.

For more information, contact

Regional Outreach

Due to travel restrictions and budgetary constraints, small- and medium-sized manufacturers may find it challenging to participate in national in-person critical manufacturing SCC activities. To reach these manufacturers, the SCC has initiated a critical manufacturing SCC regionalization effort. This effort calls for regional or local SCC chapters that allow small- and medium-sized manufacturers to actively participate in the Sector without the expense of travel. In providing an outreach initiative tailored to small- and medium-sized manufacturers, these local chapters can address critical infrastructure protection issues specific to their region and needs.

Similarly, through their local chapters small- and medium-sized manufacturers are members of and directly connected to the national critical manufacturing SCC. These local-national connections both enable and encourage a shared platform to exchange best practices and sector-specific information. As such, members of the local SCC chapters enjoy the same benefits available to the large corporations participating in the national-level SCC.

For more information, contact

Critical Manufacturing Sector Cybersecurity Framework Implementation Guidance

The National Institute of Standards and Technology (NIST) released the voluntary Framework for Improving Critical Infrastructure Cybersecurity (Framework) in February 2014 to provide a common language that critical infrastructure organizations can use to assess and manage their cybersecurity risk. The Framework enables an organization—regardless of its sector, size, degree of risk, or cybersecurity sophistication—to apply the principles and effective practices of cyber risk management to improve the security and resilience of its critical infrastructure.

The U.S. Department of Homeland Security (DHS), as the Sector Risk Management Agency (SRMA), worked with the Critical Manufacturing Sector Coordinating Council (SCC) and Government Coordinating Council (GCC) to develop the Critical Manufacturing Sector Cybersecurity Framework Implementation Guidance specifically for Critical Manufacturing Sector owners and operators. This Implementation Guidance provides Critical Manufacturing Sector organizations with:

  • Background on the Framework terminology, concepts, and benefits of its use.
  • A mapping of existing cybersecurity tools and resources used in the Critical Manufacturing Sector that can support Framework implementation.
  • Detailed Framework implementation steps tailored for Critical Manufacturing Sector owners and operators.

Introduction to the Critical Manufacturing Sector Risk Management Agency Fact Sheet

CISA offers many resources to help owners and operators manage risks, improve security, and aid the implementation and execution of protective and response measures across the Critical Manufacturing Sector. This printer-friendly fact sheet lists a sampling of sector collaboration mechanisms, resources, and training materials.

Critical Manufacturing Sector Security Guide

The Critical Manufacturing Sector Security Guide consolidates effective industry security practices into a framework for Critical Manufacturing owners and operators to select and implement security activities and measures that promote the protection of personnel, public health, public safety, and public confidence. Owners and operators may review the document in full or focus on specific security practice components that address their specific security needs or augment existing security practices. Though Critical Manufacturing Sector security practices are frequently integrated across the enterprise (especially with increasingly converging physical and cyber technologies), they can be organized into four major categories: physical, cyber, personnel, and supply chain. The guide discusses these practices and provides additional information on the various tools, capabilities, and references available to owners and operators.