CISA Announces New Vulnerability Disclosure Policy (VDP) Platform

Last fall, we issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification, Management, and Remediation”. This Directive reflects CISA’s commitment to strengthening cybersecurity and resilience for federal civilian agencies by requiring agencies to establish policies enabling the public to contribute and report vulnerability disclosures. Recognizing that policies alone are not sufficient, we also announced plans to launch a vulnerability disclosure platform service in the near future. Today, the future arrived.   

CDM Success Stories: Cybersecurity and Infrastructure Security Agency (CISA)

The Cybersecurity and Infrastructure Security Agency (CISA) deployed an industry-leading privileged access management (PAM) tool as part of its CDM implementation to transition the 30 disparate information systems it managed into a cohesive enterprise-wide approach. With this tool, CISA’s security operations team found an effective solution for the results they desired and gained visibility and enhanced security throughout their organization.

CDM Success Stories: Department of Health and Human Services (HHS)

The Department of Health and Human Services (HHS) worked with CDM to quickly address heightened concern about pandemic-related data security by strengthening its cybersecurity threat intelligence and response mechanisms.

“The CDM program gave us every resource we needed to defend the department while working on a vaccine to help the American public.” – HHS CISO

Cyber Games

CISA and the Pacific Northwest National Laboratory partnered to develop a series of educational cybersecurity games available on mobile devices for adults and children. Each game presents simulated cybersecurity threats, defenses, and response actions. The games are available for download on Android and Apple iOS devices.


Chinese Cyber Threat Overview and Actions for Leaders

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that the People’s Republic of China (PRC) leverages cyber operations to assert its political and economic development objectives. Chinese state-sponsored cyber actors aggressively target U.S. and Allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, emerging and key technology, intellectual property, and personally identifiable information (PII).

State, Local, Tribal & Territorial Indicators of Compromise Automation Pilot Fact Sheet

In 2019, CISA awarded a cooperative agreement to the Johns Hopkins University Applied Physics Laboratory (JHU/APL) to conduct a pilot project with State, Local, Tribal, and Territorial (SLTT) governments to enhance their cybersecurity defenses and rapidly respond to Indicators of Compromise (IOCs) through the development of Security Orchestration, Automation and Response (SOAR) workflows and guides. JHU/APL successfully conducted the pilot project with Arizona, Louisiana, Massachusetts, Texas, Maricopa County, and the Multi-State Information Sharing and Analysis Center.


CISA analyzes and maps—to the MITRE ATT&CK® framework—the findings from the Risk and Vulnerability Assessments (RVA) we conduct each fiscal year (FY). These analyses include: