NCF Fact Sheet

The National Critical Functions (NCF) fact sheet provides an overview of the NCFs, how the NRMC has leveraged the NCF framework in response to emerging threats, and the ongoing effort to deepen the understanding of how NCFs operate.


CISA is conducting a limited pilot of Crossfeed, an asset discovery tool used to better understand the risks and status of the cyber infrastructure landscape on public-facing election infrastructure assets through the 2020 elections.

Cybersummit 2020 Day One: Key Cyber Insights

The CISA community has tremendous visibility into all aspects of cybersecurity, ranging from attacker activity to technological developments to the evolution of relevant law and beyond. These insights can help the community better understand and prepare for their challenges. This day examines a broad range of such insights, focusing on what we and our partners have seen occur and what we predict for the near future – and how we can prepare.
Last Updated Date: September 17, 2020

CISA Issues Final Vulnerability Disclosure Policy Directive for Federal Agencies

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 20-01, which requires individual federal civilian executive branch (FCEB) agencies to develop and publish a vulnerability disclosure policy (VDP) for their internet-accessible systems and services, and maintain processes to support their VDP. This BOD is part of CISA’s agency-wide priority to make 2020 the “year of vulnerability management,” with a particular focus on making vulnerability disclos

Last Published Date: September 2, 2020

Improving Vulnerability Disclosure Together (Officially)

An open redirect – which can be used to give off-site malicious content the appearance of legitimacy – may not be on par with a fire, yet serious vulnerabilities in internet systems cause real-world, negative impacts every day. In many instances, a trained eye can spot critical deficiencies and yet have no one to report it to. It shouldn’t be hard to tell the government of potential cybersecurity issues — but it will be unless we’re intentional about making it easier.