The Infrastructure Survey Tool (IST) is a voluntary, web-based assessment that Protective Security Advisors (PSAs) conduct in coordination with facilities owners and operators to identify and document the overall security and resilience of the facility.
The Cybersecurity and Infrastructure Security Agency (CISA) conducts an IST on facilities that request the service; the IST focuses on the following areas:
- Identifying facilities’ physical security, security forces, security management, information sharing, protective measures, and dependencies related to preparedness, mitigation, response, resilience, and recovery;
- Identifying security areas of possible improvements;
- Creating facility protective and resilience measures indices that show a comparison to similar facilities that have completed ISTs; and
- Tracking progress toward improving critical infrastructure security.
CISA provides the assessment information that the IST collects and analyzes to owners and operators via both a written report and the IST Dashboard, which is accessed through a secure web portal. The IST Dashboard graphically displays the collected data, which comprises weighted scores on a variety of factors for specific critical infrastructure. The Dashboard compares the data against similar facilities and informs protective measures, resilience planning, and resource allocation. In addition to providing a sector security and resilience overview, the Dashboard highlights areas of potential concern and feature options to view the impact of potential enhancements to protection and resilience measures.
Example of the results displayed in the IST Dashboard. Notational Information.
The written report developed from the IST data contains a description of the facility and its possible vulnerabilities as well as options to mitigate identified vulnerabilities. The information is eligible for protection from disclosure under the Protected Critical Infrastructure Information Program, and the Department of Homeland Security uses this information for steady-state analysis, special-event planning, and incident management.
Please visit cisa.gov for more information on CISA’s mission and the role that critical infrastructure vulnerability assessments, including the IST, play in infrastructure security and resilience.
For specific information on ISTs, please contact ISDAssessments@cisa.dhs.gov.