Capacity Enhancement Guides for Federal Agencies

Federal Capacity Enhancement Guides provide Federal Civilian Executive Branch agencies with actionable recommendations, best practices, and operational insights designed to address common challenges and build agency capacity to reduce cybersecurity risks. CISA is committed to supporting our partners as they build their capacity to defend against today’s cyber threats and to strengthen the resiliency of their networks for tomorrow. This page will be updated as new Capacity Enhancement Guides become available.  

Capability Enhancement Guide, Software Removal Guide for Personal Devices

Federal Government agencies often identify security concerns with a vendor or software product. Your ability to remove problematic software from personal devices is critical to efficiently reducing your cyber risk. This guide provides information on how to effectively identify and remove unwanted software and applications from your personal device(s).

Capacity Enhancement Guide, Software Removal Guide

Federal Government agencies have identified specific concerns with the use of a particular vendor, product, or open-source component. An organization’s ability to identify, isolate, and remove problematic software within the environment is critical to efficiently mitigating associated cyber risk. This guide includes information that organizations can use to leverage their software asset management capabilities to remove risky software from their environment.

Volumetric DDoS Against Web Services Technical Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) published a Capacity Enhancement Guide (CEG) to support Federal Civilian Executive Branch (FCEB) agencies in making risk-informed decisions about the procurement and use of Distributed Denial of Service (DDoS) mitigations to address large-scale volumetric attacks against web services.

Although this guidance is created and intended for use by FCEB agencies, all organizations are encouraged to review and adopt these recommendations to reduce the risk of volumetric DDoS attacks.

Additional DDoS Guidance for Federal Agencies

In October 2022, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released Understanding and Responding to Distributed Denial-of-Service Attacks, which encourages organizations to take proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.

The Additional DDoS Guidance for Federal Agencies Capacity Enhancement Guide provides federal civilian executive branch (FCEB) agencies additional DDoS guidance that includes recommendations of contract vehicles and services specifically designed for, and only available to, FCEB agencies.

Counter-Phishing Recommendations for Federal Agencies

Many agencies have built robust counter-phishing programs, but there remains a wide disparity in scale, capability, and implementation. In response, CISA is recommending technical capabilities to enhance agencies’ counter-phishing defenses. These capabilities stem from operational insights from CISA’s counter-phishing programs and interagency best practices, and they fall into four categories: 1) Secure Email Gateway Capabilities, 2) Outbound Web-browsing Protections, 3) Harden User Endpoints, and 4) Endpoint Protections.

The capabilities, which are primarily technical and preventive in nature, are not meant to replace or lessen the importance of user training and awareness. With proper implementation, these capabilities can significantly decrease the number of malicious phishing emails reaching teleworking users’ inboxes, and thereby lessen the chance of end-users interacting with phishing emails.

Securing Web Browsers and Defending Against Malvertising for Federal Agencies

Web browsers are the primary mechanism for user interaction with the internet. As such, their security is a constant concern due to the ease of exploitation and the ability of adversaries to interact directly with users. Common vulnerabilities associated with browsers include unsecure configurations, exposure to malicious websites and applications, and unsecure browsing habits due to poorly trained or unaware users.

Implementing Strong Authentication

The purpose of this guide is to lay out the concept of authentication, recommend related security enhancements, and provide guidance to help plan and implement a strong authentication solution. Strong authentication is one of many pillars of a defense-in-depth cybersecurity strategy, but it is not the only solution to cybersecurity issues.

Remote Patch and Vulnerability Management

The purpose of this document is to assist federal agencies with patching roaming devices, i.e., remote devices outside agency campus networks. Traditional vulnerability and patch management solutions require that all roaming devices first establish a trusted connection to—and route all remote traffic back through—agency campus networks. However, when routing traffic through agency campus networks, agencies face challenges related to virtual private network (VPN) bandwidth constraints, which are impacting the timely patching of roaming devices and degrading or interrupting other vital services being accessed from roaming devices. These significant delays in patching leave roaming devices susceptible to common vulnerabilities and threats. Recent increases in teleworking have amplified these issues and made securing roaming devices even more challenging.

In April 2020, the Cybersecurity and Infrastructure Security Agency (CISA) released Trusted Internet Connection (TIC) 3.0 Interim Telework Guidance, which provided an alternative solution for remote vulnerability and patch management, allowing agencies to route associated traffic directly to agency-sanctioned cloud service providers (CSPs), thus bypassing limited bandwidth connections back to agency campus networks.

This guide assists federal agencies in leveraging the TIC 3.0 Interim Telework Guidance to improve remote vulnerability management efforts to meet the growing demands on network capacity that may otherwise require an increase in bandwidth for existing internet service provider (ISP) or VPN services.

Printing While Working Remotely

The increase in teleworking across federal agencies has extended the enterprise perimeter into employees’ homes. Expanded telework has created additional security challenges, such as ensuring secure remote access and enforcing remote patch and vulnerability management. Printing while working remotely is another security challenge because of the risks posed when agency personnel move data from federal information systems to physical space outside of agency control. These risks include increasing a federal agency’s attack surface, reducing the effectiveness of existing cybersecurity controls, and increasing the potential for data loss and exposure. As agencies continue to acclimate to the expanded telework environment, it is important to note that each agency remains responsible for identifying, safeguarding, and managing all records—including hard copies and other printed materials—in accordance with federal laws and regulations.

This Capacity Enhancement Guide details Cybersecurity and Infrastructure Security Agency (CISA) recommendations for developing agency-level policies and procedures related to printing from home while teleworking. Specifically, this guide provides CISA’s recommendations on the following topics: (1) developing an agency-wide policy for printer use during remote work, (2) establishing an approval process, and (3) handling, storing, and disposing of printed materials.

Mobile Device Cybersecurity Checklist for Organizations

CISA has created this Enterprise Mobility Management (EMM) system checklist to assist your organization in mitigating vulnerabilities and increasing enterprise protection. Enterprise-managed mobile devices face threats from a wide variety of sources. Implementing the following best practices will enable your organization to provide your employees with secure mobile access to enterprise resources.

Mobile Device Cybersecurity Checklist for Consumers

Mobile devices are an integral part of our daily lives. There are an estimated 294 million smartphone users in the United States, making these devices an attractive target for cybercriminals. Threats range from mere annoyances (spam messages) to severe (loss of personal information, credentials, or money). Listed below are simple cyber hygiene steps consumers can take to improve the cybersecurity of their mobile devices.

Social Media Account Protection

This guide provides technical measures to better secure organization-run social media accounts. Many federal agencies and other organizations use various social media platforms as a primary way to engage with the public. The measures described in this guide aim to protect social media accounts and reduce the risk of unauthorized access on platforms such as Twitter, Facebook, and Instagram.