This page provides National Risk Management Center (NRMC) outreach materials, information, and guides. Download and share these NRMC resources to enhance critical infrastructure security and resilience.
New Resources
November 17, 2022: Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence released the Securing the Software Supply Chain: Recommended Practices Guide for Customers that was developed by the Enduring Security Framework Working Group (a cross-sector, public-private working group). The final of a three-part series, this guidance provides best practices for software customers for procuring and deploying secure software, which includes guidance for the Software Bill of Materials.
- Download/share the latest Securing the Software Supply Chain: Recommended Practices Guide for Customers
- Download/share Part 2 for Suppliers (and accompanying fact sheet)
- Download/share Part 1 for Developers
October 18, 2022: CISA released the Tactics of Disinformation Series, available in English and Spanish, to provide state, local, tribal, and territorial government officials and private sector partners insight into eight common tactics used by disinformation actors to spread false narratives as well as proactive measures that can help mitigate the effectiveness of each tactic.
- Download/share the Tactics of Disinformation Series (English-version)
- Download/share the Tactics of Disinformation Series (Spanish-version)
Fact Sheets and CISA Insights
- CISA Insights: Preparing Critical Infrastructure for Post-Quantum Cryptography
- CISA Insights: Risk Considerations for Managed Service Provider Customers
- ICT Supply Chain Risk Management (SCRM) Fact Sheet
- National Critical Functions (NCF) Fact Sheet
- National Risk Management Center (NRMC) Fact Sheet
- Pipeline Cybersecurity Initiative (PCI) Fact Sheet
- Time - The Invisible Utility: two quick reference guides designed for organization leaders (corporate level) and IT professionals and staff (technical level) on the importance of accurate and resilient timing.
- Corporate-level Fact sheet (for organization leaders)
- Technical-level Fact sheet (for IT and staff)
- Sign Up for a .gov Domain: Information for Election Officials Fact Sheet
- Systemic Cyber Risk Reduction Venture Fact Sheet
- Understanding Vulnerabilities of Positioning, Navigation, and Timing (PNT) fact sheet
Infographics and Graphic Novels
- 5G Basics Infographic
- 5G Market Penetration and Risk Factors Infographic
- Cyber Risks & Resources for the Supply Water National Critical Function Infographic
- Cyber Risks & Resources for the Manage Wastewater National Critical Function Infographic
- Disinformation Stops With You Infographic Set
- ICT Supply Chain Risks Infographic
- ICT Supply Chain Risk Management (SCRM) Essentials
- Information Manipulation Infographic
- Layering Network Security Through Segmentation Infographic
- National Critical Functions (NCF) Set
- Pipeline Cyber Risk Mitigation Infographic
- Port Facility Cybersecurity Risks Infographic
- Resilience Series: Bug Bytes Graphic Novel
- Resilience Series: Real Fake Graphic Novel
- Risk to Critical Infrastructure: Telecommunications Central Offices Infographic
Papers, Reports, and Toolkits
- 2021 NCF Status Update to the Critical Infrastructure Community
- 2020 NCFs Status Update to the Critical Infrastructure Community
- Assessment of the Critical Supply Chains Supporting the U.S. Information and Communications Technology Industry
- 5G: Edge vs. Core - An Increasingly Less Pronounced Distinction in 5G Networks
- 5G: Overview of Risks Introduced by 5G Adoption in the United States
- Cybersecurity Toolkit to Protect Elections
- Defending Against Software Supply Chain Attacks
- Electromagnetic Pulse (EMP) Program Status Report
- ICT SCRM: Paper on Executive Order 13873 Response: Methodology for Assessing the Most Critical Information and Communication Technologies (ICT) and Services
- ICT Supply Chain Risk Management Toolkit
- NCFs: Overview of the National Critical Functions
- Open Radio Access Network Security Considerations
- Potential Threat Vectors to 5G Infrastructure
- PNT: Report on Positioning, Navigation, and Timing (PNT) Backup and Complementary Capabilities to the GPS
- PNT: Time Guidance for Network Operators, Chief Information Officers, and Chief Information Security Officers *updated guidance
- Secure Tomorrow Series Toolkit
- Securing the Software Supply Chain: Recommended Practices Guide for Developers (first of a three-part series by the Enduring Security Framework Working Group)
- Securing the Software Supply Chain: Recommended Practices Guide for Suppliers and accompanying fact sheet (second of a three-part series by the Enduring Security Framework Working Group)
- Securing the Software Supply Chain: Recommended Practices Guide for Customers (third of a three-part series by the Enduring Security Framework Working Group) *new resource
ICT Supply Chain Risk Management (SCRM) Task Force Products
- ICT SCRM Task Force: Interim Report
- ICT SCRM Task Force: Lessons Learned During the Covid-19 Pandemic
- ICT SCRM Task Force Operationalizing Vendor SCRM Template for Small and Medium-sized Businesses
- Operationalizing Vendor SCRM Template for SMBs Spreadsheet (This spreadsheet is as an alternate tool to utilize this product, intended to allow options to accommodate yes, no, or partial responses to each of the questions.)
- ICT SCRM Task Force Preliminary Considerations of Paths to Enable Improved Multi-Directional Sharing of Supply Chain Risk Information
- ICT SCRM Task Force: Threat Scenarios Report (Version 1)
- ICT SCRM Task Force: Threat Scenarios Report (Version 2)
- ICT SCRM Task Force: Threat Scenarios Report (Version 3)
- ICT SCRM Task Force: Year Two Report
- ICT SCRM Task Force: Report on Mitigating ICT Supply Chain Risks with Qualified Bidder and Manufacturer Lists
- ICT SCRM Task Force: Vendor SCRM Template
Election Security Resources
CISA Election Resources
- Best Practices for Continuity of Operations (Handling Destructive Malware)
- Campaign Checklist for Securing Your Cyber Infrastructure
- CISA Election Security Training and Exercise Offerings Flyer
- CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure
- CISA Insights: Chain of Custody and Critical Infrastructure Systems
- Cyber Incident Detection and Notification Planning Guide for Election Security and Templates
- Cybersecurity Toolkit to Protect Elections *new resource
- DHS Election Infrastructure Security Funding Consideration
- Domain-Based Message Authentication, Reporting and Conformance Fact Sheet
- Election Disinformation Toolkit
- Election Infographic Products: A set of five products designed to combat disinformation by equipping election officials, stakeholders, and voters with information on the mail-in voting, post election, and election result processes (which vary by state and/or jurisdictions). The products include:
- Mail-in Voting Processing Factors Map (Updated October 29, 2020): A weekly-updated map that offers a visual of the movement in each state’s mail-in ballot processing.
- Mail-in Voting 2020 Policy Changes Map (Updated October 29, 2020): A map that offers a visual of changes established to each state as a result of COVID-19.
- Mail-in Voting Election Integrity Safeguards Infographic: A product that provides the description and in-person equivalent for procedural and physical ballot safeguards.
- Post Election Process Mapping Infographic: A product that provides a timeline of post-election processes for the Presidential election from close of polls on Election Day, November 3, 2020, to Inauguration Day on January 20, 2021.
- Election Results Reporting Risk and Mitigations Infographic: A product that provides an overview of the risks associated with results reporting systems and how they are managed through mitigating measures.
- Note: CISA is committed to providing access to our webpages and documents for individuals with disabilities, both members of the public and federal employees. If the format of any elements or content within these documents interfere with your ability to access the information, as defined in the Rehabilitation Act, please email EISSA@cisa.dhs.gov. To enable us to respond in a manner most helpful to you, please indicate the nature of your accessibility problem and the preferred format in which to receive the material.
- Election Infrastructure Cyber Risk Assessment
- Evaluación De Riesgo Cibernético A La Infraestructura (Spanish-version)
- Election Infrastructure Cyber Risk Infographic
- Riesgo A La Infraestructura Electoral (Spanish-version)
- Election Infrastructure Insider Threat Mitigation Guide
- Election Infrastructure Security Resource Guide
- Election Infrastructure Subsector-Specific Plan: 2022 Status Update
- Election Risk Profile Tool
- FBI-CISA Public Service Announcement - Foreign Actors Likely to Use Information Manipulation Tactics for 2022 Midterm Elections *new PSA
- FBI-CISA Public Service Announcement - Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting *new PSA
- FBI-CISA Public Service Announcement - Spoofed Internet Domains Pose Cyber and Disinformation Risks to Voters
- FBI-CISA Public Service Announcement - Foreign Actors Likely to Use Online Journals to Spread Disinformation Regarding 2020 Elections
- FBI-CISA Public Service Announcement - DDOS Attacks on Election Infrastructure Can Hinder Access to Voting Information, Would Not Prevent Voting
- FBI-CISA Public Service Announcement - False Claims of Hacked Voter Information Likely Intended to Cast Doubt on Legitimacy of U.S. Elections
- FBI-CISA Public Service Announcement - Cyber Threats to Voting Processes Could Slow But Not Prevent Voting
- FBI-CISA Public Service Announcement - Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results
- Flyer: Before You Vote- National
- Flyer: Before You Vote- State and Local
- Flyer: State & Local Official Results
- Infographic: Ensuring and Securing Your Vote – National Audience
- Infographic: Ensuring and Securing Your Vote - State & Local Audience
- Flyer: Vote with Confidence
- Guide to Vulnerability Reporting for America’s Election Administrators
- Hyper Text Transfer Protocol Secure (HTTPS) Fact Sheet
- Incident Handling Overview for Election Officials
- Mail-in Voting in 2020 Infrastructure Risk Assessment and Infographic
- Multi-Factor Authentication (MFA) Fact Sheet
- Physical Security of Voting Locations and Election Facilities
- Protecting Your Networks from Ransomware
- Ransomware Fact Sheet
- Security Resources for the Election Infrastructure Subsector
- Securing Voter Registration Data
- Sign Up for a .gov Domain: Information for Election Officials Fact Sheet
- Registrar Un Dominio.gov(Spanish-version)
- Supply Chain Risks to Election Infrastructure Subsector Infographic
- Three P's of Voting Infographic
- U.S. Electoral Process Infographic
Election Infrastructure GCC and SCC Resources
These voluntary resources were developed by the Election Infrastructure Subsector’s Government Coordinating Council (GCC) and Sector Coordinating Council (SCC) to assist election officials and voters prepare for impacts to possible COVID-19 related impacts to upcoming elections.
COVID-19 & Election Security
- Ballot Drop Box: Deploying ballot drop boxes in support of increased mail voting, including considerations like security, chain of custody, and estimating the number of boxes needed.
- Election Education and Outreach for Increased Absentee or Mail Voting: Strategies for outreach to legislators/policy makers, parties, campaigns, advocacy groups, voters, and others to educate them on absentee voting and vote by mail.
- Electronic Ballot Delivery and Marking: Helping jurisdictions determine whether expanded electronic ballot delivery and marking options is appropriate for them.
- Helping Voters to Request a Mail-in Ballot: Public messaging and outreach to apprise voters of the application process for requesting mail-in ballots.
- Importance of Accurate Voter Data When Expanding Absentee or Mail Ballot Voting: Risks associated with inaccurate voter records and considerations for securing voter registration data.
- Inbound Ballot Process: Receipt and processing of increased volume of inbound mail ballots.
- Managing an Increase in Outbound Ballots: FAQs and recommendations for working with vendors, the U.S. Postal Service, and others for handling increased volume of outgoing mail ballots.
- Signature Verification and Cure Process: Processes for verifying signatures and giving voters the opportunity to remedy rejected mail ballots.
- Vote By Mail / Absentee Voting Timeline – Excel and PDF: Lays out estimated lead times required for states to consider when implementing processes to support significant increases in mail-in voting.
In-Person Voting Materials
- Assisting Sick, Exposed, Symptomatic, and Quarantined Voters: Guidance with measures for election officials to consider to mitigate the spread of COVID-19 during the November elections.
- Considerations for Modifying the Scale of In-Person Voting: Guidance to election administrators conducting in-person voting on a different scale, and considerations for combining precincts and alternative vote centers.
- Finding Voting Locations and Poll Workers: Outlines challenges election officials may face procuring polling places and poll workers and considerations for increased physical and cybersecurity risks associated with in-person voting.
- Health and Safety at the Polling Place: Guidance to election administrators regarding personal protective equipment (PPE), cleaning and disinfecting, establishing procedures, and considerations for modifying poll working training.
- Innovative Practices and New Solutions Guide: Provides ideas and solutions to election officials on how to administer and secure election infrastructure.
- Safeguarding Staff and Work Environment from COVID-19: Outlines new safety measures, (i.e., isolating staff and regular disinfecting protocols), providing PPE, exposed employees, and cybersecurity considerations regarding remote work.
Mis-, Dis-, and Malinformation Resources
- CISA Insights: COVID-19 Disinformation Activity
- CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure
- COVID-19 Disinformation Toolkit
- Disinformation Stops With You Infographic Set
- La Desinformación Se Detiene Con Usted (Spanish-version)
- Foreign Interference Taxonomy
- Taxonomía De Interferencia Extranjera (Spanish-version)
- Graphic Novel - Bug Bytes: Demonstrates how threat actors use social media and other communication platforms to spread inaccurate information for the sole purpose of planting doubt in the minds of targeted audiences to steer their opinion. Readers follow protagonist Ava, a graduate, who uses her wits and journalism skills to uncover a disinformation campaign set to damage Fifth Generation (5G) critical communications infrastructure in the United States.
- Graphic Novel - Real Fake: Demonstrates how threat actors capitalize on political and social issues (especially around election cycles) to stealthily plant doubt in the minds of targeted audiences and steer their opinion.
- Information Manipulation Infographic
- Manipulación De La Información (Spanish-version)
- MDM Planning and Incident Response Guide for Election Officials
- Rumor Control Page Start-Up Guide
- Social Media Bots Infographic Set
- Los Bots In Redes Sociales (Spanish-version)
- Tactics of Disinformation Series
- Tácticas de Desinformación (Spanish-version)
- Tools of Disinformation: Inauthentic Content
- Tools of Disinformation: Inauthentic Content (Spanish-version)
- War on Pineapple: Understanding Foreign Interference in 5 Steps