Fact Sheets

Multi-factor authentication (MFA) 

Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. MFA increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database. 

Domain-Based Message Authentication, Reporting and Conformance (DMARC) 

The DMARC product was created to call attention to an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources. DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent. 

COVID-19 Checklist: Securing Your Business and Clinical IT 

CISA has created a cybersecurity checklist to assist healthcare delivery organization in mitigating vulnerabilities and protecting against malicious actors. Hospitals and healthcare facilities are facing cyber-attacks of varied sophistication, including criminal networks and nation states. Implementing these protocols, and instilling a culture of digital vigilance, will allow HDOs to focus on COVID vaccine and overall patient care priorities instead of the consequences of a cyber-incident. 

COVID-19 Vaccination Hesitancy within the Critical Infrastructure Workforce

The Risk to the Essential Critical Infrastructure Workforce

COVID-19 vaccination hesitancy within the critical infrastructure workforce represents a risk to our National Critical Functions and critical infrastructure companies and operations. Employers of workers within the critical infrastructure sectors are essential to reducing vaccine hesitancy within their workforce by becoming messengers of accurate, reliable, and timely information.

DHS OSAI-OBP Partnership Factsheet

The DHS Office of SAFETY Act Implementation (OSAI) and Office for Bombing Prevention (OBP) share a mutual DHS mission space: to help prepare venues, entities, and people to reduce risk and mitigate effects from large scale, catastrophic terrorist attacks by effectively using training and other integral layers of security to identify, detect, deter, respond to, or otherwise mitigate the impact or harm arising from an act of terrorism. OSAI and OBP have partnered to identify nationally accredited training products and services that meet the counter-terrorism needs of DHS stakeholders.

Unauthorized Drone Activity Over Sporting Venues

The Cybersecurity and Infrastructure Security Agency's (CISA) Unauthorized Drone Activity Over Sporting Venues presents options for sporting venue owners and operators to consider to prevent, protect from, and respond to unauthorized drone activity. CISA encourages sporting venue owners and operators to take proactive measures to enhance their security posture. Most instances of unauthorized drone operations near sporting venues are likely fans seeking real-time game footage.

DDoS Attacks on Election Infrastructure Can Hinder Access to Voting Information, Would Not Prevent Voting

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to raise awareness that Distributed Denial of Service (DDoS) attacks on election infrastructure can hinder access to voting information but would not prevent voting.

ICS Security Offerings

Industrial Control Systems (ICS) are important to supporting US critical infrastructure and maintaining national security. ICS owners and operators face threats from a variety of adversaries whose intentions include gathering intelligence and disrupting National Critical Functions.