Infrastructure Assessments and Analysis


The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security (DHS), works to enhance critical infrastructure security and resilience against today’s threats and for the future with Federal, State, Local, Tribal, and Territorial (FSLTT) officials; public and private sector owners and operators of critical infrastructure; and academia and non-profit entities. The threats we face – digital and physical, human-caused, natural, and technological – are more complex and the threat actors more diverse, than at any point in our nation’s history. We help organizations better manage risk and increase security and resilience using all available resources, whether leveraged from their own capabilities, purchased from commercial vendors, obtained from government sources, or a combination of sources.

Infrastructure Assessments and Analysis (IAA), part of the Infrastructure Security Division (ISD) of CISA, coordinates and collaborates across all critical infrastructure sectors, including integration challenges with cyber infrastructure and cybersecurity. CISA works with DHS, national, and international partners to defend against today’s threats and collaborates to build a more secure tomorrow, focusing on reducing risks from all hazards. IAA works with ISD and CISA partners collaboratively through four branches:


IAA’s mission is to provide Federal, State, local, tribal, and territorial officials and critical infrastructure owners and operators across the nation with methodologies, tools, and information to strengthen the security and resilience of critical infrastructure. IAA empowers critical infrastructure partners across the nation to strengthen their security and resilience. 

We accomplish this mission by executing collaborative programs that enable collecting, protecting, analyzing, and sharing vital and relevant information. IAA’s ability to legally protect information shared with us enables IAA to connect with, and advise, stakeholders at all levels of public and private sectors. 

Our information and focused assessments – managed with IT-enabled tools – produce critical analyses to understand and advise on risks to critical infrastructure. 
IAA’s systematic approach to training ensures effective use of its assessment tools and methodologies, thus assuring consistent nationwide strengthening of security and resilience.

Resilience Services

The Resilience Services Branch enables a life-cycle approach to security and resilience, from assessing vulnerabilities to working with decision makers across the infrastructure spectrum to infuse security and resilience into planning for, and investing in, infrastructure programs.

Program Training

The Program Training Branch delivers specialized, technical tool and core training to enable the understanding of the complexities of critical infrastructure security and resilience, and interdependencies to support assessments, planning, enhancements, and special event support planning through a series of threat vector trainings. 

Information Protection and Sharing

The Infrastructure Protection and Sharing Branch provides legal protections, sharing, and access to sensitive/proprietary information on the security of critical infrastructure, voluntarily submitted by owners and operators through the Protected Critical Infrastructure Information (PCII) Program, enabling CISA/DHS to develop and deliver a range of capabilities, respond to all hazards, and support risk reduction. 

Mission Systems

The Mission Systems Branch facilitates collecting, protecting, storing, analyzing, and sharing critical infrastructure data in a smart and effective manner to leverage risk-based approaches, through IT-enabled tools, services, and capabilities, including CISA’s core system, the CISA Gateway and its multiple capabilities and applications.

The CISA Gateway is an Information Technology system that provides secure collection and sharing of protected critical infrastructure information (PCII).  The CISA Gateway supports the CISA Infrastructure Security division mission to manage risk and enhance resilience through collaboration and information sharing within the critical infrastructure community.


For all CISA Gateway programmatic and mission questions and support

 For all PCII programmatic and mission questions and support requests: