Securing Federal Networks

The federal enterprise depends on information technology (IT) systems and computer networks for essential operations. These systems face large and diverse cyber threats that range from unsophisticated hackers to technically competent intruders using state-of-the-art intrusion techniques. Many malicious attacks are designed to steal information and disrupt, deny access to, degrade, or destroy critical information systems.

The Cybersecurity and Infrastructure Security Agency (CISA) works with each federal civilian department and agency to promote the adoption of common policies and best practices that are risk-based and able to effectively respond to the pace of ever-changing threats. As systems are protected, alerts can be issued at machine speed when events are detected to help protect networks across the government information technology enterprise and the private sector. This enterprise approach will help transform the way federal civilian agencies manage cyber networks through strategically sourced tools and services that enhance the speed and cost effectiveness of federal cybersecurity procurements and allow consistent application of best practices.

Switch to Modern Authentication in Exchange Online

CISA urges Federal Civilian Executive Branch (FCEB) agencies to take steps to switch to Modern Authentication in Exchange Online before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Additionally CISA urges all organizations to expedite migration to Modern Auth as Basic Auth does not support multifactor authentication, which is required for FCEB agencies per Executive Order 14028, “Improving the Nation’s Cybersecurity.”

Secure Cloud Business Application (SCuBA) Project

Through authorities granted in the American Rescue Plan Act of 2021 and the FY21 National Defense Authorization Act, CISA established the Secure Cloud Business Applications (SCuBA) project. Under the SCuBA project, CISA is working to design cybersecurity guidance for Microsoft 365 (M365) and Google Workspace (GWS) services by leveraging vendor native capacities as well as third-party solutions as necessary.  

The SCuBA project will provide architecture and security configurations that offer fundamental protections for cloud business applications and give FCEB agencies and CISA the visibility necessary to identify and detect adversarial activity in their cloud environments. CISA will work with agencies to address risks associated with their use of cloud services. 

PUBLIC COMMENT – CLOSED – The public comment period for each of these documents ended on May 19, 2022. The input received from stakeholders will be implemented into the final versions of each of these products.

  • The SCuBA Technical Reference Architecture (TRA) is a security guide that agencies can use to adopt technology for cloud deployment, adaptable solutions, secure architecture, agile development, and zero trust frameworks.   
    • In your comment, please provide the reference number associated with your sentence line located on the far left of each page.  
  • The Extensible Visibility Reference Framework (eVRF) Guidebook provides a framework overview, which enables agencies to identify visibility data that can be used to mitigate threats. Also, it helps organizations understand the extent to which specific products and services provide that visibility data and identify potential visibility gaps.   
    • In your comment, please provide the reference number associated with your sentence line located on the far left of each page.  

Federal Agency 5G Technology Adoptions  

Federal agencies, along with many other organizations across the public and private sectors, are expected to adopt 5G technology that will provide new features, capabilities and services to transform their mission and business operations. However, a security assessment is required before any agency 5G technology adoptions can be granted authorization to operate.  

CISA – along with its partners from the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s (DoD) Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E) – published a proposed five-step 5G Security Evaluation Process that is derived from research and security analyses conducted by each participating agency. The jointly proposed process, “5G Security Evaluation Process Investigation,” was developed to address gaps in existing security assessment guidance and standards that arise from the new features and services in 5G technologies 

OPEN FOR PUBLIC COMMENT: Until June 27, 2022, the guidance is open for public comment.  

  • This feedback will be used to assess need for additional security recommendations and guidance publications for federal agency adoptions of 5G technologies.  

  • All comments should be submitted to:

Capacity Enhancement Guides

Capacity Enhancement Guides for Federal Agencies


Federal Capacity Enhancement Guides provide Federal Civilian Executive Branch agencies with actionable recommendations, best practices, and operational insights designed to address common challenges and build agency capacity to reduce cybersecurity risks. CISA is committed to supporting our partners as they build their capacity to defend against today’s cyber threats and to strengthen the resiliency of their networks for tomorrow. This page will be updated as new Capacity Enhancement Guides become available.  

Audience & Scope

Capacity Enhancement Guides target audiences are primarily cybersecurity and IT leadership, mid-level management, and technical personnel at federal agencies.

Capacity Enhancement Guides for Non-Federal Organizations


Non-Federal Capacity Enhancement Guides provide the same type of actionable recommendations, best practices, and operational insights but tailored to non-federal government organizations (e.g. state and local governments, NGO, and private sector organizations). This page will be updated with new capacity enhancement guides as they become available.

Audience & Scope

CISA’s non-federal Capacity Enhancement Guides are developed with state and local government, along with the private industry sector, in mind. The product audiences include, but are not limited to, cybersecurity and IT executives, mid-level management, and technical personnel at non-federal government organizations.

Contact Info

For questions about these guides and other CISA services available to federal agencies, please contact

Trusted Internet Connections (TIC)

Since 2007, the Trusted Internet Connections (TIC) initiative has redefined federal cybersecurity by consolidating network connections and enhancing visibility and security measures throughout the federal network. In accordance with the Office of Management and Budget (OMB) Memorandum (M) 19-26: "Update to the TIC Initiative," TIC 3.0 expands on the original initiative by leveraging modern security practices and technology to secure a wide range of agency network architectures. Compared to previous iterations of the TIC program, TIC 3.0 is highly iterative, meaning the guidance continually reflects modern processes and technological innovations as they become available. TIC 3.0 recognizes shifts in modern cybersecurity and assists agencies in adoption, while recognizing their challenges and constraints in modernizing IT infrastructure. 

National Cybersecurity Protection System (NCPS)

One of CISA's missions is to improve the cybersecurity posture of the Federal Civilian Executive Branch (FCEB) and other partners by facilitating the integration of various cybersecurity technologies, products, and services. To meet that mission need, CISA designs, develops, deploys, and sustains the National Cybersecurity Protection System (NCPS), which provides capabilities that combat and mitigate cyber threats to FCEB information and networks.

NCPS is an integrated system-of-systems that delivers a range of capabilities, such as intrusion detection, analytics, information sharing, and intrusion prevention. These capabilities provide a technological foundation that enables CISA to secure and defend the FCEB IT infrastructure against advanced cyber threats. NCPS advances CISA’s responsibilities as delineated in the Comprehensive National Cybersecurity Initiative.

One of CISA’s key technologies within NCPS is EINSTEIN. The goal of the NCPS EINSTEIN set of capabilities is to provide the federal government with an early warning system, improved situational awareness of intrusion threats to FCEB networks, near real-time identification of malicious cyber activity, and prevention of that malicious cyber activity.

For questions concerning NCPS, please contact the NCPS Program Office.

Continuous Diagnostics and Mitigation (CDM)

DHS’s Continuous Diagnostics and Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources.

CISA Central

CISA Central's mission is to reduce the risk of systemic cybersecurity and communications challenges in our role as the Nation's flagship cyber defense, incident response, and operational integration center.

Since 2009, CISA Central has served as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating our 24/7 situational awareness, analysis, and incident response center. CISA Central shares information among the public and private sectors to provide greater understanding of cybersecurity and communications situation awareness of vulnerabilities, intrusions, incidents, mitigation, and recovery actions.

CISA Central brings advanced network and digital media analysis expertise to bear on malicious activity targeting our nation’s networks. US-CERT develops timely and actionable information for distribution to federal departments and agencies, state and local governments, private sector organizations, and international partners. In addition, CISA Central operates the NCPS, which provides intrusion detection and prevention capabilities to covered federal departments and agencies.

Federal Information Security Management Act (FISMA) Reporting

DHS works collaboratively with federal agencies to build upon the metrics established in previous fiscal years and incorporates updates to ease Federal Information Security Management Act (FISMA) reporting. Current year FISMA documents can be found here.

High Value Asset Program Management Office (HVA PMO)

The Federal High Value Asset (HVA) Program Management Office (PMO) is responsible for ensuring the Federal Civilian Government’s most critical information systems, or HVA systems, are accurately identified, prioritized, and protected against evolving cyber threats. To achieve this vision, the PMO focuses on three primary goals:

  • Ensure the most critical information systems are identified as High Value Assets for adequate protection
  • Provide visibility into cybersecurity posture of High Value Assets to Authorizing Officials and relevant stakeholders
  • Establish effective and efficient whole-of-government approach to securing the most critical information systems
Last Updated Date: October 5, 2022

Was this webpage helpful?  Yes  |  Somewhat  |  No