Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Search

 
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium Businesses
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Contact Us
    Site Links
    CISA Administrative Subpoena
    Reporting Employee and Contractor Misconduct
    CISA GitHub
    Signature Verification
    Subpoena Process
Report a Cyber Issue
Breadcrumb
  1. Home
Share:
An illustration of a city on a blue background

Strategic Plan

The Cybersecurity and Infrastructure Security Agency’s (CISA) 2023-2025 Strategic Plan is the agency’s first, comprehensive strategic plan since CISA was established in 2018. This is a major milestone for the agency: The CISA Strategic Plan will focus and guide the agency’s efforts over the next three years.

The Strategic Plan builds on the foundation created through the CISA Strategic Intent published in August 2019 to guide the agency’s work and create unity of effort. In our role as the nation’s cyber defense agency and the national coordinator for critical infrastructure security, CISA works with critical infrastructure partners every day to address the evolving threat landscape.  

That approach is reflected in the CISA Strategic Plan, which focuses on how we will collectively reduce risk and build resilience to cyber and physical threats to the nation’s infrastructure. To achieve the outcome of reduced risk and increased resilience, the CISA Strategic Plan describes four ambitious goals. Three of these goals focus on “how” the agency will work to reduce risk and build resilience, while the fourth goal focuses internally to ensure the agency is in a strong position to execute the CISA Strategic Plan, working as One CISA.

An assortment of Strategic icons

With this in mind, the Strategic Plan sets CISA on a path over the next three years to drive change in four key areas:

  • First, we will spearhead the national effort to ensure the defense and resilience of cyberspace. Serving as America’s cyber defense agency, we will spearhead the national effort to defend against cyber threat actors that target U.S. critical infrastructure, federal and SLTT governments, the private sector, and the American people. CISA must lean forward in our cyber defense mission toward collaborative, proactive risk reduction. Working with our many partners, it is CISA’s responsibility to help mitigate the most significant cyber risks to the country’s National Critical Functions, both as these risks emerge and before a major incident occurs.
  • Second, we will reduce risks to, and strengthen the resilience of, America’s critical infrastructure. Our safety and security depend on the ability of critical infrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions. CISA coordinates a national effort to secure and protect against critical infrastructure risks. This national effort is centered around identifying which systems and assets are truly critical to the nation, understanding how they are vulnerable, and taking action to manage and reduce risks to them. We serve as a key partner to critical infrastructure owners and operators nationwide to help reduce risks and build their security capacity to withstand new threats and disruptions, whether from cyberattacks or natural hazards and physical threats.
  • Third, we will strengthen whole-of-nation operational collaboration and information sharing. At the heart of CISA’s mission is partnership and collaboration. Securing our nation’s cyber and physical infrastructure is a shared responsibility. We are challenging traditional ways of doing business and actively working with our government, industry, academic, and international partners to move toward more forward-leaning, action-oriented collaboration. We are also committed to growing and strengthening our Agency’s regional presence to more effectively deliver the assistance our stakeholders need.
  • And fourth, foundational to our success, we will unify as One CISA through integrated functions, capabilities, and workforce. We will succeed because of our people. We are building a culture of excellence based on core values and core principles that prize teamwork and collaboration, innovation and inclusion, ownership and empowerment, and transparency and trust. As one team unified behind our shared mission, we will “work smart” to operate in an efficient and cost-effective manner.

While the Strategic Plan highlights CISA’s overall measurement approach and representative outcomes for each objective, the agency is developing internal measures of performance and effectiveness to better track progress toward reducing risk and achieving its goals.

We invite you to read the full CISA Strategic Plan.

The publication cover of the CISA Strat Plan

Supporting CISA Strategic Plans

Stakeholder Engagement Strategic Plan

Working collaboratively across the agency, CISA developed the Stakeholder Engagement Strategic Plan to coordinate a unified approach to stakeholder engagement and partnerships that strengthen whole-of-nation operational collaboration and information.

Diversity, Equity, Inclusion and Accessibility (DEIA) Strategic Plan

 Our first diversity, equity, inclusion, and accessibility defined strategic plan, the CISA Diversity, Equity, Inclusion and Accessibility (DEIA) Strategic Plan. 

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Accessibility
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • The White House
  • USA.gov
  • Website Feedback