Securing Federal Networks

The federal enterprise depends on information technology (IT) systems and computer networks for essential operations. These systems face large and diverse cyber threats that range from unsophisticated hackers to technically competent intruders using state-of-the-art intrusion techniques. Many malicious attacks are designed to steal information and disrupt, deny access to, degrade, or destroy critical information systems.

The Cybersecurity and Infrastructure Security Agency (CISA) works with each federal civilian department and agency to promote the adoption of common policies and best practices that are risk-based and able to effectively respond to the pace of ever-changing threats. As systems are protected, alerts can be issued at machine speed when events are detected to help protect networks across the government information technology enterprise and the private sector. This enterprise approach will help transform the way federal civilian agencies manage cyber networks through strategically sourced tools and services that enhance the speed and cost effectiveness of federal cybersecurity procurements and allow consistent application of best practices.

Capacity Enhancement Guides

Capacity Enhancement Guides for Federal Agencies


Federal Capacity Enhancement Guides provide Federal Civilian Executive Branch agencies with actionable recommendations, best practices, and operational insights designed to address common challenges and build agency capacity to reduce cybersecurity risks. CISA is committed to supporting our partners as they build their capacity to defend against today’s cyber threats and to strengthen the resiliency of their networks for tomorrow. This page will be updated as new Capacity Enhancement Guides become available.  

Audience & Scope

Capacity Enhancement Guides target audiences are primarily cybersecurity and IT leadership, mid-level management, and technical personnel at federal agencies.

Capacity Enhancement Guides for Non-Federal Organizations


Non-Federal Capacity Enhancement Guides provide the same type of actionable recommendations, best practices, and operational insights but tailored to non-federal government organizations (e.g. state and local governments, NGO, and private sector organizations). This page will be updated with new capacity enhancement guides as they become available.

Audience & Scope

CISA’s non-federal Capacity Enhancement Guides are developed with state and local government, along with the private industry sector, in mind. The product audiences include, but are not limited to, cybersecurity and IT executives, mid-level management, and technical personnel at non-federal government organizations.

Contact Info

For questions about these guides and other CISA services available to federal agencies, please contact

Trusted Internet Connections (TIC)

Since 2007, the Trusted Internet Connections (TIC) initiative has redefined federal cybersecurity by consolidating network connections and enhancing visibility and security measures throughout the federal network. In accordance with the Office of Management and Budget (OMB) Memorandum (M) 19-26: "Update to the TIC Initiative," TIC 3.0 expands on the original initiative by leveraging modern security practices and technology to secure a wide range of agency network architectures. Compared to previous iterations of the TIC program, TIC 3.0 is highly iterative, meaning the guidance continually reflects modern processes and technological innovations as they become available. TIC 3.0 recognizes shifts in modern cybersecurity and assists agencies in adoption, while recognizing their challenges and constraints in modernizing IT infrastructure. 

National Cybersecurity Protection System (NCPS)

One of CISA's missions is to improve the cybersecurity posture of the Federal Civilian Executive Branch (FCEB) and other partners by facilitating the integration of various cybersecurity technologies, products, and services. To meet that mission need, CISA designs, develops, deploys, and sustains the National Cybersecurity Protection System (NCPS), which provides capabilities that combat and mitigate cyber threats to FCEB information and networks.

NCPS is an integrated system-of-systems that delivers a range of capabilities, such as intrusion detection, analytics, information sharing, and intrusion prevention. These capabilities provide a technological foundation that enables CISA to secure and defend the FCEB IT infrastructure against advanced cyber threats. NCPS advances CISA’s responsibilities as delineated in the Comprehensive National Cybersecurity Initiative.

One of CISA’s key technologies within NCPS is EINSTEIN. The goal of the NCPS EINSTEIN set of capabilities is to provide the federal government with an early warning system, improved situational awareness of intrusion threats to FCEB networks, near real-time identification of malicious cyber activity, and prevention of that malicious cyber activity.

For questions concerning NCPS, please contact the NCPS Program Office.

Continuous Diagnostics and Mitigation (CDM)

DHS’s Continuous Diagnostics and Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources.

CISA Central

CISA Central's mission is to reduce the risk of systemic cybersecurity and communications challenges in our role as the Nation's flagship cyber defense, incident response, and operational integration center.

Since 2009, CISA Central has served as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating our 24/7 situational awareness, analysis, and incident response center. CISA Central shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situation awareness of vulnerabilities, intrusions, incidents, mitigation, and recovery actions.

CISA Central brings advanced network and digital media analysis expertise to bear on malicious activity targeting our nation’s networks. US-CERT develops timely and actionable information for distribution to federal departments and agencies, state and local governments, private sector organizations, and international partners. In addition, CISA Central operates the NCPS, which provides intrusion detection and prevention capabilities to covered federal departments and agencies.

Federal Information Security Management Act (FISMA) Reporting

DHS works collaboratively with federal agencies to build upon the metrics established in previous fiscal years and incorporates updates to ease Federal Information Security Management Act (FISMA) reporting. Current year FISMA documents can be found here.

High Value Asset Program Management Office (HVA PMO)

The Federal High Value Asset (HVA) Program Management Office (PMO) is responsible for ensuring the Federal Civilian Government’s most critical information systems, or HVA systems, are accurately identified, prioritized, and protected against evolving cyber threats. To achieve this vision, the PMO focuses on three primary goals:

  • Ensure the most critical information systems are identified as High Value Assets for adequate protection
  • Provide visibility into cybersecurity posture of High Value Assets to Authorizing Officials and relevant stakeholders
  • Establish effective and efficient whole-of-government approach to securing the most critical information systems
Last Updated Date: December 16, 2021

Was this webpage helpful?  Yes  |  Somewhat  |  No