General Telework Guidance

Best practices for system administrators and other technical staff to enhance their organization’s security posture during remote working conditions.

CEG: Remote Patch and Vulnerability Management on Federal Networks

The purpose of this document is to assist federal agencies with patching roaming devices, i.e., remote devices outside agency campus networks. This guide assists federal agencies in leveraging the TIC 3.0 Interim Telework Guidance to improve remote vulnerability management efforts to meet the growing demands on network capacity that may otherwise require an increase in bandwidth for existing internet service provider (ISP) or VPN services.

Relevant Audiences: Federal Employees, Network/System Administrators

TIC 3.0 Interim Telework Guidance

To help secure the .gov during the unprecedented surge in telework, CISA released the TIC 3.0 Interim Telework Guidance document. This document provides security capabilities for remote federal employees securely connecting to private agency networks and cloud environments.

Relevant Audiences: Federal Workers, System/Network Administrators, Critical Infrastructure

Microsoft Office 365 Security Observations

This Analysis Report provides information on mitigating the risks and vulnerabilities involved when transitioning to Microsoft Office 365 (O365), as well as on cloud services configuration vulnerabilities.

Relevant Audiences: Small/Medium Business, System/Network Administrators, SLTT

AA20-120A: Microsoft Office 365 Security Recommendations

This Alert is an update to CISA’s May 2019 Analysis Report, AR19-133A: Microsoft Office 365 Security Observations, and reiterates the recommendations related to Microsoft Office 365 (O365) for organizations to review and ensure their newly adopted environment is configured to protect, detect, and respond against would-be attackers of O365.

Relevant Audiences: System/Network Administrators, SLTT

Remediate Vulnerabilities for Internet Accessible Systems

CISA Insights document providing guidance and recommendations to ensure effective and timely remediation of vulnerabilities identified through vulnerability scanning before malicious actors can compromise your networks via exploitable, externally-facing systems.

Relevant Audiences:  System/Network Administrators, SLTT, Critical Infrastructure, Schools

Enhance Email & Web Security

CISA Insights document providing guidance and recommendations to address the significant risks to organizational information and information systems posed by phishing emails and use of the unencrypted HTTP protocol.

Relevant Audiences:  Small/Medium Business, System/Network Administrators, SLTT, Critical Infrastructure

Building Collective Resilience for the ICT Supply Chain

Protecting the Nation’s critical infrastructure requires a collective, coordinated effort. Individual companies and organizations can follow these steps to build and implement an effective ICT supply chain risk management (SCRM) program to improve their overall security posture.

Relevant Audiences:  System/Network Administrators, Critical Infrastructure

Joint CISA and UK Tip on COVID-19 Cyber Threat Exploitation

This joint product from CISA and the United Kingdom’s National Cyber Security Centre (NCSC) provides practical advice for individuals and organizations on how to defend against COVID-19-related malicious cyber activity.

Relevant Audiences:  Small/Medium Business, System/Network Administrators, Critical Infrastructure

AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

A joint alert from CISA and the United Kingdom’s National Cyber Security Centre (NCSC) that provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic.

Relevant Audiences:  General, Small/Medium Business, System/Network Administrators, SLTT, Critical Infrastructure

Responding to a Pandemic: Technology Consideration for PSAPS

Public Safety Answering Points (PSAPs) around the country must be prepared for reduced onsite staff due to social distancing measures and increased sick and family medical leave. To learn about unique solutions to this complicated challenge, read one stakeholder’s approach to managing a remote 9-1-1 environment during Covid.

Relevant Audiences:  System/Network Administrators, Critical Infrastructure

Addressing DNS Resolution on Federal Networks

Statement from Bryan Ware, Assistant Director, Cybersecurity and Infrastructure Security Agency (CISA), outlining a CISA memo reminding agencies of their responsibilities to use EINSTEIN 2 Accelerated, our DNS service, to make it harder for attackers to monitor and modify communication.

Relevant Audiences:  Federal Workers, System/Network Administrators

Tips and security considerations to help employees and non-technical users establish a safe telework environment at home. 

Home and Business (Resource Page for home and small business networks)

Resource page for teleworkers and small business owners to learn about securing their home and small-business networks.

Relevant Audiences:  General, Small/Medium Business

Telework Best Practices (for Federal Government Employees)

Tip sheet from DHS and the NSA for Federal workers on the “Do’s” and “Don’ts” when working from home.

Relevant Audiences:  Federal Employees

Avoiding Social Engineering and Phishing Attacks

Avoid being a victim with this Security Tip to help you identify common indicators from several social engineering attacks, including phishing, vishing, and smishing attacks.

Relevant Audiences:  General, Small/Medium Business

ST04-004: Understanding Firewalls

Use this Security Tip to learn more about firewalls and how they can protect from an attack, and figure out which type of firewall is best for your home or small office.

Relevant Audiences:  General, Small/Medium Business

5 Steps to Protecting Your Digital Home

This resource is designed to make sure our “smart homes” are protected from a new set of security risks, enabling you to confidently connect to your digital devices.

Relevant Audiences:  General, Small/Medium Business

ST15-003: Before You Connect a New Computer to the Internet

Strong computer security ensures safe processing and storage of our personal information. Use this resource to learn exactly how and why computer security is important today.

Relevant Audiences:  General

5 Everyday Steps Towards Online Safety (Stop.Think.Connect. Campaign)

Simple steps from the Stop.Think.Connect. campaign to protect yourself online, whether you are at home, work, school, or on the go.

Relevant Audiences:  General

ST06-008: Safeguarding Your Data

Protect your personal information from hidden risks online. Follow these steps to safeguard yourself if you manage your finances online, store sensitive personal data on your computer, or work from home.

Relevant Audiences:  General

ST05-001: Evaluating Your Web Browser's Security Settings

Browse the internet with confidence and stay safe from attacks with this resource that has everything you need to know about your web browser’s security settings.

Relevant Audiences:  General, Small/Medium Business

ST19-001: Protecting Against Ransomware

This Security Tip provides an overview of the ransomware threat and important information about how to prevent attacks, protect your data and networks, and respond to a ransomware infection.

Relevant Audiences:  General, Small/Medium Business, SLTT, Critical Infrastructure

Creating A Password Tip Card (Stop.Think.Connect. Campaign)

Learn these best practices from the Stop.Think.Connect. campaign for creating strong passwords, and help defend yourself from cybercrime.

Relevant Audiences:  General

Malware Tip Card (Stop.Think.Connect. Campaign)

Stop.Think.Connect. resource providing an easy-to-understand backgrounder on all things related to malicious software, or malware. Learn to protect yourself from malware, which can compromise the integrity of your computer or mobile device.

Relevant Audiences:  General

