blue background

Secure U.S. State, Local, Tribal & Territorial Government

Protect critical infrastructure, public trust, and essential services with no-cost cybersecurity tools and resources from CISA. 

Protect Public Data and Services from Online Threats

Cyber threat actors target not only the United States federal government, but also the thousands of organizations in our state, local, tribal, and territorial (SLTT) governments. These agencies include counties, cities, towns, school districts, and more, and they provide essential services and safeguard essential data for millions of people. 

Securing Critical Infrastructure 


SLTTs manage vital infrastructure, from public utilities and emergency services, to transit and public health. These systems are increasingly connected to the internet—and increasingly vulnerable. 

Cyberattacks can cause widespread disruption. Attacks on schools, hospitals and other infrastructure have delayed care, disrupted operations and exposed personal data. 

Even if you don’t view your place of employment as “critical infrastructure,” you likely run services the public depends on. A single vulnerability can ripple through others. Strong cybersecurity isn't just good to have - it's civic duty.  

CISA recommends that governments at all levels implement nine cybersecurity best practices and offers no-cost information, services and tools to help you get started. 


Start Here: Four Essentials 

If your cybersecurity program is in early stages, start with these foundational practices.  

  1. Protect Government Systems and Information with Phishing Training: Phishing tricks employees into opening malicious attachments or sharing sensitive information. Train staff to recognize and report suspicious messages. 
  1. Require Strong Passwords: Strong passwords are a simple but powerful way to block criminals from accessing your accounts through guessing or automated attacks. Make them mandatory for all users.  
  1. Require MFA: Multifactor authentication (MFA)—also known as 2-factor authentication—adds an extra layer of security beyond passwords. Require it to make accounts significantly more secure. 
  1. Update Software: Outdated software can contain exploitable flaws. Promptly install security updates and patches to keep your systems protected.  
     


Next Steps: Level Up Your Defenses 

With the four essentials as your foundation, you can “level up” by implementing these additional practices. And make a plan to add these to your cybersecurity posture over time. 

  1. Use Logging on Government Systems: Log activity so your team can monitor for signs that threat actors may be trying to access your systems. Learn how to monitor key information to protect your organization. 
  1. Back Up Government Data: Incidents happen, but when you back up critical information, recovery is faster and less stressful. Put a backup plan in place to protect your systems and keep things running smoothly. 
  1. Encrypt Government Data: Encrypting your data and devices strengthens your defense against attacks. Even if criminals gain access to your files, information stays locked and unreadable. Make encryption part of your security strategy.
  2. Migrate to the .Gov Domain: CISA ensures that only legitimate government entities can use a .gov web address. Migrate your website and email to increase public trust and reduce the chance of impersonation attacks. Learn more at get.gov.
     


And Don't Forget: 

 

  1. Share Cyber Incident Information with CISA: When organizations and CISA share threat information, everyone is more secure. Report incidents to help CISA warn others and get information in return to help you stay ahead of threats. 

 

 

No-Cost Information and Services—Share with Your IT Team

cyber city

Cyber Resilience Review

Evaluate your organization’s operational resilience and cybersecurity practices. Use the self-review tool or request a no-cost, on-site facilitated session. 

women at her desk working and speaking into a headset

Cyber Hygiene Services

CISA provides no-cost scanning to help organizations prioritize patching and updates to protect systems from known exploitations. Reduce your exposure to threats with this proactive approach. 

man at desk working

Secure Cloud Business Applications (SCuBA)

Secure your cloud-based applications. SCuBA assesses SaaS configurations and supports practices like MFA, strong passwords, and audit logging. 

resource document icon for State, Local, Tribal and Territorial government resources

Share with Your Employees

Keep your team up to date with “4 Easy Ways to Stay Safe Online,” a fact sheet with simple cybersecurity best practices employees can use at work and in their personal lives. 

Get the fact sheet
State and Local Cyber Grants Logo

Cybersecurity Grants for SLTT Organizations

Resource limitations shouldn’t stand in the way of strong cybersecurity. Federal grants can help you fund essential protections. 

EXPLORE STATE & LOCAL CYBERSECURITY GRANT PROGRAM

EXPLORE TRIBAL CYBERSECURITY GRANT PROGRAM

State, Local, Tribal & Territorial Resources

Cybersecurity Awareness Month