Infrastructure Security

This fact sheet provides an overview of the Systemic Cyber Risk Reduction Venture and the importance of a risk-based approach to national cybersecurity.

Download and share this printer-friendly resource. Return to Systemic Cyber Risk Reduction Venture.

This is the fact sheet for the Infrastructure Survey Tool (IST).

This CISA Insights provides a framework that government and private sector organizations (to include small and medium-sized businesses) outsourcing some level of IT support to MSPs can use to better mitigate against third-party risk.

This resource provides an overview of Risk-Based Performance Standard (RBPS) 8 – Cyber and RBPS 15 – Reporting of Significant Security Incidents require facilities covered under the Chemical Facility Anti-Terrorism Standards (CFATS) program to establish protocols for identifying and reporting significant cyber incidents to appropriate facility personnel, local law enforcement, and the Cybersecurity and Infrastructure Security Agency (CISA).

This document is the unofficial redline of 6 CFR part 27 that shows the net effect of the Final Rule published in the Federal Register (86 FR 41889) that updates the regulatory language to reflect CISA's current organizational structure, as well as other non-substantive technical edits that clarify the Chemical Facility Anti-Terrorism Standards (CFATS) regulation.

The Business Case for Security is a resource that will help small and mid-sized businesses consider how they can sell the costs for security improvements to senior leaders and other organizational controllers of the purse strings. It provides statistical data on common physical and cybersecurity challenges, as well as suggestions for first steps and resources to assist organizations in bolstering their security postures.