Emergency Services Sector Cybersecurity Framework Implementation Guidance

Revision Date

The National Institute of Standards and Technology (NIST) released the voluntary Framework for Improving Critical Infrastructure Cybersecurity (Framework) in February 2014 to provide a common language that critical infrastructure organizations can use to assess and manage their cybersecurity risk. The Framework enables an organization—regardless of its sector, size, degree of risk, or cybersecurity sophistication—to apply the principles and effective practices of cyber risk management to improve the security and resilience of its critical infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA), as the Sector Risk Management Agency (SRMA) for the Emergency Services Sector (ESS), worked with the Emergency Services Sector Coordinating Council (ESSCC) and Emergency Services Government Coordinating Council (ESGCC) to develop the Emergency Services Sector Cybersecurity Framework Implementation Guidance specifically for ESS organizations. This guidance provides Emergency Services Sector organizations with:

  • Background on the Framework terminology, concepts, and benefits of its use.
  • A mapping of existing cybersecurity tools and resources used in the Emergency Services Sector that can support Framework implementation.
  • Detailed Framework implementation steps tailored for Emergency Services Sector organizations.

Contact Us

For more information, contact the Emergency Services Sector Management Team at or visit CISA | Emergency Services Sector.