These resources provide information to help first responders, and state, local, tribal, and territorial (SLTT) governments protect themselves from a variety of CISA-identified threats. This includes tools, trainings, informational materials, and additional resources to prevent, protect against, respond to, and mitigate security incidents.
Business Continuity and Preparedness
CISA Tabletop Exercise Packages
CISA has an extensive scenario library and ready-to-use exercise packages—known as CISA Tabletop Exercise Packages (CTEPs). Each CTEP is customizable and includes template exercise objectives, scenarios, and discussion questions, as well as a collection of references and resources. Available scenarios cover a broad array of cybersecurity and physical security topics such as ransomware, election security, industrial control systems, pandemic, vehicle ramming, insider threat, active assailant, small unmanned aircraft systems (sUAS), and natural disasters.
Convergence Action Guide
CISA defines convergence as formal collaboration between previously disjointed security functions. This guide describes the risks associated with siloed security functions, benefits of convergence, a flexible framework for aligning security functions, and several case studies.
COVID-19 Vaccine Distribution Physical Security Measures
Organizations involved in the development and distribution of the COVID-19 vaccine should take proactive measures to enhance their overall physical security posture. To achieve secure and resilient vaccine distribution, workers within the supply chain and vaccine recipients should use available resources to assess suggested mitigation methods against physical security attacks. To help meet this need, CISA created the COVID-19 Vaccine Distribution Physical Security Measures infographic. This product provides a list of physical security resources available to the public to help facility owners and operators enhance physical security to protect workers and individuals.
CISA Tabletop Exercise Packages Training Workshop
CISA Exercises hosts monthly workshops to provide an overview of the CISA Tabletop Exercise Packages (CTEPs) and assists partners in using the CTEPs in their organizations. The workshops provide an opportunity for stakeholders to ask questions and provide feedback on the CTEPs, as well as learn more about the variety of CTEPs available.
Stakeholder Exercise Planning and Conduct
CISA Exercises uses the Homeland Security Exercise and Evaluation Program (HSEEP) methodology to design, develop, conduct, and evaluate exercises ranging from small-scale, limited-scope, discussion-based exercises (e.g., two-hour seminars) to large-scale, internationally-scoped, operations-based exercises (e.g., multi-day, full-scale exercises).
Additional DHS Resources:
FEMA Center for Domestic Preparedness
The FEMA Center for Domestic Preparedness (CDP) provides advanced, all-hazards training to approximately 50,000 emergency responders annually from state, local, tribal, and territorial governments, as well as the federal government, foreign governments, and private entities. The scope of training includes preparedness, protection, and response.
FEMA Emergency Management Institute
The FEMA Emergency Management Institute (EMI) is the flagship training institution for the emergency management community and provides training to federal, state, local, tribal, volunteer, public, and private sector officials to strengthen core competencies for professional, career-long training.
Homeland Security Information Network-Critical Infrastructure
The Homeland Security Information Network (HSIN) serves as the primary information sharing platform between critical infrastructure sector stakeholders and government. HSIN-Critical Infrastructure (HSIN-CI) enables federal, state, local, and private sector critical infrastructure owners and operators to communicate, coordinate, and share sensitive and sector-relevant information to protect critical assets, systems, functions, and networks.
CISA Regional Services
This service helps critical infrastructure owners and operators understand their role and function in the broader critical infrastructure sector. Protective Security Advisors (PSAs) conduct these visits with critical infrastructure facility representatives to help build relationships and enhance communication.
CISA Regional Office Fact Sheets
CISA Regional Offices, located throughout the U.S., deliver trainings, exercises, programs, and other resources to critical infrastructure owners and operators.
Cybersecurity Advisors (CSAs) offer assistance to help prepare and protect private sector entities and state, local, tribal and territorial (SLTT) governments from cybersecurity threats. CSAs promote cybersecurity preparedness, risk mitigation, and incident response capabilities, working to engage stakeholders through partnership and direct assistance activities.
Infrastructure Survey Tool
Protective Security Advisors (PSAs) conduct this voluntary, web-based security survey with facility owners and operators to identify and document a facility's overall security and resilience.
Infrastructure Visualization Platform
This platform supports critical infrastructure security and response operations by integrating high-resolution, interactive data, as well as additional assessment information.
Protective Security Advisors
Protective Security Advisors (PSAs) engage with federal, state, local, tribal, and territorial (FSLTT) government partners, businesses, and critical infrastructure owners and operators in their regions to offer steady-state DHS risk mitigation tools, products, and services. PSAs also support National Special Security Events (NSSEs) and Special Event Assessment Rating (SEAR) events; assist with responses to all-hazard incidents through field-level coordination and information sharing; and provide expertise on reconstituting affected critical infrastructure.
Security Assessment at First Entry
The Security Assessment at First Entry (SAFE) tool is designed to help facility owners and operators evaluate current physical and operational security practices and explore opportunities to protect against threats. These assessments are conducted by Protective Security Advisors (PSAs) and provide a high-level review of the security posture and mitigation options for a facility.
Election Security Checklists and Guides
These checklists and guides are developed to help state and local officials safeguard election systems. These publications include incident handling, protecting against ransomware, and securing voter registration data, in addition to other resources.
Election Security Resource Library
This library provides state and local governments, election officials, campaigns, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks, and systems from cyber and physical threats.
Physical Security of Voting Locations and Election Facilities
This is a general guide with resources and four actionable steps to – Connect, Plan, Train, and Report – that election officials should consider to improve physical security and enhance resilience of election operations.
This was an outreach campaign to build trust and expertise while broadening state and local cybersecurity and physical security risk management efforts. CISA collaborated with officials across 8,000 election jurisdictions nationwide throughout the 2020 election season. CISA’s #Protect2020 efforts included engaging political campaigns, political parties, and political committees.
Identify Suspicious Behavior
Fact Sheet – Insider Threat Mitigation Program
This fact sheet provides resources to help organizations design a comprehensive program that protects against insider threats.
Insider Threat Mitigation Web Page
This web page explains ways to help organizations detect, assess, and manage insider threats before it can threaten the workforce.
Recognize Suspicious Small Unmanned Aircraft Systems Poster and Postcard
This poster and postcard explain how small unmanned aircraft systems (sUAS) are used for a range of tactical and recreational purposes, but can also be used to cause serious harm to individuals and infrastructure.
Suspicious Behavior Advisory Posters
These resources help businesses, first responders, and local governments identify suspicious activities and behaviors to prevent the illicit sale of explosive precursor chemicals and components. The posters are available under the Suspicious Activities and Bomb Threats – What to Do section of the TRIPwire website.
Prepare and Respond to Active Assailants
Active Shooter Recovery Guide
This guide provides information on establishing a recovery process and outlines the necessary actions for short-term and long-term recovery following an active shooter incident.
Emergency Services Sector Active Shooter Resource Guide
This guide helps emergency services personnel collaborate within communities to develop an Active Shooter Program. It highlights resources and planning considerations to enhance community planning and preparedness for active shooter incidents.
Mass Gatherings – Security Awareness for Soft Targets and Crowded Places
This guide identifies how businesses can prepare for and mitigate future attacks, including recommended protective measures and actions to consider.
Planning and Response to an Active Shooter: An Interagency Security Committee Policy and Best Practices Guide
This guide includes information and best practices for federal agencies that can also be applied more broadly in any active shooter situation.
Prevent and Respond to Bombings
Bomb-Making Materials Awareness Program
The Bomb-Making Materials Awareness Program (BMAP) is designed to promote bomb-making materials (BMM) awareness and reporting of suspicious activity to prevent the intentional misuse of common consumer goods to make improvised explosive devices (IEDs).
Bombing Prevention Lanyard Cards
These quick reference lanyard cards provide key reminders and actions related to bombing prevention, including recommended actions during a bombing incident.
Counter-Improvised Explosive Devices Training Courses
These courses provide general information and strategies to prevent, protect against, respond to, and mitigate bombing incidents. To request direct delivery trainings, please contact your local Protective Security Advisor (PSA) or email OBP@cisa.dhs.gov. For more information or a full list of counter-improvised explosive devices (C-IED) and Risk Mitigation trainings, visit the C-IED Training Courses Website or the C-IED and Risk Mitigation Training Fact Sheet.
DHS-Department of Justice Bomb Threat Guidance
This quick reference guide provides information on threat preparation, threat assessment considerations, staff response guidelines, and evacuation and shelter-in-place considerations.
Multi-Jurisdiction Improvised Explosive Device Security Planning
This program helps communities identify roles, responsibilities, and capability gaps, as well as optimize limited resources within a multi-jurisdictional planning area. The Multi-Jurisdiction Improvised Explosive Device Security Planning (MJIEDSP) process coordinates with area stakeholders to conduct briefings, trainings, data collection activities, and facilitated scenario-based workshops.
National Counter-Improvised Explosive Device Capabilities Analysis Database
This assessment program uses a consistent and repeatable methodology to assess and analyze units with counter-improvised explosive devices (C-IED) missions. National C-IED Capabilities Analysis Database (NCCAD) assessments measure capabilities and identify gaps across personnel, organization, equipment, training, and exercises required for effective prevention, protection, and response to IED threats.
Security and Resiliency Guide: Counter-Improvised Explosive Device Concepts, Common Goals, and Available Assistance
This guide and corresponding annexes provide individuals, businesses, first responders, and law enforcement with guidance to enhance preparedness for potential improvised explosive device (IED) incidents in their communities. The guide includes risk information, a framework of 10 common counter-IED (C-IED) preparedness goals, planning considerations, and available federal resources. It is complemented by five annexes with additional information relevant to venues at high risk for IED-related incidents, such as lodging, outdoor events, public assembly, and sports leagues and venues.
CISA’s Office for Bombing Prevention (OBP) developed and maintains TRIPwire, the DHS Technical Resource for Incident Prevention. It serves as a 24/7 collaborative information-sharing network for bomb squads, first responders, military personnel, government officials, intelligence analysts, and security professionals. TRIPwire combines expert analyses and reports with relevant documents, images, and videos gathered directly from terrorist source materials to help users anticipate, identify, and prevent Improvised Explosive Device (IED) incidents. The site requires registration to access information or partners can log in using a HSIN account.
What to Do – Bomb Threat: Bomb Threat Training Video
This video, developed in partnership with the University of Central Florida and International Association of Chiefs of Police, demonstrates what to do in the event of a phoned-in bomb threat.
What to Do – Training Video Series
This training video series (TVS) communicates threats posed by and how to react to improvised explosive devices (IEDs). This includes videos on suspicious vs. unattended items, bomb searches, surviving a bombing attack, and bomb threats.
Protect Against Small Unmanned Aircraft Systems
Cybersecurity Best Practices for Operating Commercial Small Unmanned Aircraft Systems
This guide provides cybersecurity best practices to help commercial operators protect their networks, information, and personnel. Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating small unmanned aircraft systems (sUAS) into their operational functions. Although sUAS offer benefits to their operators, they can also pose cybersecurity risks.
Protecting Against the Threat of Small Unmanned Aircraft Systems: An Interagency Security Committee Best Practice
This document outlines awareness and mitigation measures for federal departments and agencies to protect against malicious small unmanned aircraft systems (sUAS) operations.
Small Unmanned Aircraft Systems and Critical Infrastructure – Understanding the Risk Video
This video provides information on critical infrastructure challenges associated with small unmanned aircraft systems (sUAS), counter-UAS security practices, actions to consider for risk mitigation, and specific preparedness efforts for facilities and organizations. It can be found under the sUAS and Critical Infrastructure – Understanding the Risk tab.
Small Unmanned Aircraft Systems: Addressing Critical Infrastructure Security Challenges
This fact sheet provides an overview of small unmanned aircraft systems (sUAS) threats and actions owners and operators can take to protect their facilities.
Small Unmanned Aircraft Systems: Considerations for Law Enforcement Action
This guide provides an overview of small unmanned aircraft systems (sUAS), legal and operational considerations for law enforcement, and a list of additional resources.
Indicators of Suspicious Small Unmanned Aircraft Systems
This reference aid, provided through the Office for Bombing Prevention (OBP), aims to enhance situational awareness for those who may encounter a suspicious small unmanned aircraft systems (sUAS). The document can be found under OBP's Open Source Intelligence (OSINT) Team’s Emergency Responder Note (ERN) on TRIPwire.
Protect, Screen, and Allow Access to Facilities and Venues
Armed Contract Security Officers in Federal Facilities: An Interagency Security Committee Best Practice 2019
This Interagency Security Committee (ISC) resource recommends a set of minimum standards for armed contract security officers assigned to U.S. buildings and facilities occupied by federal employees for nonmilitary activities.
Best Practices for Managing Mail Screening and Handling Processes: A Guide for the Public and Private Sectors
This guide provides mail center security personnel with a framework for understanding and mitigating organizational risks linked to mail and packages they receive and deliver.
Crisis Event Response and Recovery Access Framework
The Crisis Event Response and Recovery Access (CERRA) framework provides guidance and recommendations for state, local, tribal, and territorial (SLTT) authorities on planning and developing an access management program. It includes mechanisms, tools, processes, and approaches for coordinating, approving, and enabling access during response and recovery operations.
Dams Sector Active and Passive Vehicle Barriers Guide
This guide assists dam owners and operators in understanding various types of active and passive vehicle barriers and how to incorporate them into their overall security plan. It also provides technical information to assist owners and operators in properly designing protective schemes and selecting vehicle barriers and their safety and security systems.
Facility Security Committees
This web-based training course provides federal personnel with an overview of Facility Security Committees (FSCs), including members, roles and responsibilities, and policies and procedures for operations and decision-making.
Levels of Protection and Application of the Design-Basis Threat
This For Official Use Only (FOUO) course informs federal personnel of security-related policies, programs, projects, and operations for their department or agency and the process to determine the facility security level (FSL) for a federal facility.
Interagency Security Committee Resources
These Interagency Security Committee (ISC) resources support and enhance security for federal, nonmilitary facilities. Many ISC policies, standards, and best practices can be applied to other venue and facility types.
Introduction to the Interagency Security Committee
This web-based training course provides an overview of the Interagency Security Committee (ISC) history, mission, and organization. The training also reviews the ISC Risk Management Process (RMP).
Occupant Emergency Programs: An Interagency Security Committee Guide
This guide helps department and agency security planners develop and review Occupant Emergency Programs for the safety and security of employees and visitors.
Overview of Interagency Security Committee Publications
This web-based training course provides an overview of Interagency Security Committee (ISC) facility security standards and policies and other documents that support the ISC Risk Management Process (RMP).
Risk Management Process for Federal Facilities – An Interagency Security Committee Standard
This guide defines the criteria and processes facility security personnel should use to determine facility security level (FSL) and provides an integrated, single source of physical security countermeasures for all federal facilities.
Risk Management Process for Federal Facilities – Facility Security Level Determination
This web-based training provides federal personnel with responsibilities for security-related policies, programs, projects, and operations for their department or agency with an overview of the process to determine facility security level (FSL).
The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard, Appendix A: The Design-Basis Threat Report
This 2020 report is an estimate of threats with impacts to federal facilities.
The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard, Appendix B: Countermeasures
This For Official Use Only (FOUO) report establishes a baseline set of physical security countermeasures for all federal facilities based on the designated facility security level (FSL). These countermeasures provide comprehensive solutions under six criteria of physical security.
The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard, Appendix C: Child-Care Center Level of Protection Template
This template specifies the customized level of protection (LOP) for a child-care center (CCC). It also offers implementation guidance for five potential scenarios, each detailing the relationship between the CCC and other federal facilities.
Vehicle-Borne Improvised Explosive Device Identification Guide and Video
This guide is designed for stakeholders tasked with identifying suspected vehicle-borne improvised explosive devices (VBIEDs) and provides instruction for vehicle search techniques for law enforcement, bomb squads, hazardous materials (HAZMAT) teams, and other emergency and security personnel. The Vehicle Inspection Guide, Vehicle Inspection Video, and VBIED Identification Guide are all available to registered users on TRIPwire.
Additional DHS Resources:
Homeland Security Grants
This site provides information on FEMA preparedness grants for state, local, tribal, and territorial (SLTT) governments in the form of non-disaster grants. These funds help grantees develop and sustain capabilities at the SLTT levels across the Nation's highest-risk transit systems, ports, and borders to prevent, protect against, respond to, recover from, and mitigate incidents linked to terrorism and other emergencies.
Safeguard and Secure Cyberspace
Avoiding Social Engineering and Phishing Attacks Security Tip
This security tip describes social engineering tactics, techniques, and procedures linked to cyber criminals. It also details common indicators related to social engineering attacks and how to avoid falling for these methods.
CISA Community Webinars
These cybersecurity webinars provide information on cyber risk management practices, tools, and procedures. Past webinars have focused on COVID-19 Response: Lessons Learned on Cybersecurity and Resilience in a Pandemic; Smart Cities; and 5G: Security and Vulnerabilities.
CISA Cyber Essentials
This campaign is for small businesses and local government agencies to understand and address cybersecurity risk. Cyber Essentials includes two parts – guiding principles to develop security culture and specific actions for leaders and IT professionals.
Cyber Resource Hub
This site provides cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other elements that comprise a robust cybersecurity strategy.
Cybersecurity Resources Road Map: A Guide for Critical Infrastructure – Small and Midsize Businesses
This guide helps businesses identify cybersecurity resources that best align with their needs.
Federal Virtual Training Environment
The Federal Virtual Training Environment (FedVTE) provides free online cybersecurity training to federal, state, local, tribal, and territorial government employees, federal contractors, and U.S. military veterans. Courses range from beginner to advanced levels and are mapped to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.