Best practices for agency cybersecurity managers, system administrators, and other technical staff to enhance their Federal Government department and agency’s security posture during remote working conditions.
Telework Best Practices (for Federal Government Employees)
Tip sheet from DHS and the NSA for Federal workers on the “Do’s” and “Don’ts” when working from home.
- Target Audiences: All government employees, contractors, and teleworkers
- Target Organizations: Federal agencies, State and Local government agencies
TIC 3.0 Interim Telework Guidance
To help secure the .gov during the unprecedented surge in telework, CISA released the TIC 3.0 Interim Telework Guidance document given the surge in teleworking. This document provides security capabilities for remote federal employees securely connecting to private agency networks and cloud environments.
- Target Audiences: Senior cybersecurity managers, network engineering staff
- Target Organizations: Federal agencies
Cybersecurity Recommendations for Federal Agencies Using Video Conferencing
Advisory guidance for Federal Departments and Agencies intended to support the incorporation of cybersecurity considerations when adopting or expanding the use of video conferencing software and related collaboration tools.
- Target Audiences: Senior cybersecurity managers, network engineering staff
- Target Organizations: Federal agencies
Top tips for safely using videoconferencing to ensure employees are only using approved tools and that their home networks are secured.
- Target Audiences: Small/Medium business managers, Federal employees, Teleworkers, Home users
- Target Organizations: General public, Small/Medium Business
Guidance for Securing Video Conferencing
CISA product line with cybersecurity principles and practices that individuals and organizations can follow to video conference more securely.
- Target Audiences: Small/Medium business managers, Federal employees, Teleworkers, Home users
- Target Organizations: General public, Small/Medium Business
Capacity Enhancement Guide: Remote Patch and Vulnerability Management on Federal Networks
The purpose of this document is to assist federal agencies with patching roaming devices, i.e., remote devices outside agency campus networks. This guide assists federal agencies in leveraging the TIC 3.0 Interim Telework Guidance to improve remote vulnerability management efforts to meet the growing demands on network capacity that may otherwise require an increase in bandwidth for existing internet service provider (ISP) or VPN services.
- Target Audiences: Senior cybersecurity managers, network engineering staff
- Target Organizations: Federal agencies
Capacity Enhancement Guide: Implementing Strong Authentication
Weak authentication is a common vulnerability for information systems—it is consistently one of CISA’s top five, most frequent findings for Federal High Value Asset systems. The purpose of this guide is to lay out the concept of authentication, recommend related security enhancements, and provide guidance to help plan and implement a strong authentication solution. Strong authentication is one of many pillars of a defense-in-depth cybersecurity strategy, but it is not the only solution to cybersecurity issues.
- Target Audiences: Senior cybersecurity managers, network engineering staff
- Target Organizations: Federal agencies
AA20-099A: COVID-19 Exploited by Malicious Cyber Actors
A joint alert from CISA and the United Kingdom’s National Cyber Security Centre (NCSC) that provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Small/Medium Business, Critical Infrastructure
Joint CISA and UK Tip on COVID-19 Cyber Threat Exploitation
This joint product from CISA and the United Kingdom’s National Cyber Security Centre (NCSC) provides practical advice for individuals and organizations on how to defend against COVID-19-related malicious cyber activity.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Small/Medium Business, Critical Infrastructure
AA20-120A: Microsoft Office 365 Security Recommendations
This Alert is an update to CISA’s May 2019 Analysis Report, AR19-133A: Microsoft Office 365 Security Observations, and reiterates the recommendations related to Microsoft Office 365 (O365) for organizations to review and ensure their newly adopted environment is configured to protect, detect, and respond against would be attackers of O365.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Small/Medium Business, Critical Infrastructure
AA20-073A: Enterprise VPN Security
Employers are using alternate workplace options during COVID-19, which has increased employers’ reliance on enterprise virtual private network (VPN) solutions to connect employees to an organization’s information technology (IT) network. This CISA Alert helps organizations adopt a heightened state of cybersecurity.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Small/Medium Business, Critical Infrastructure
ICSA-20-184-02: ABB System 800xA Information Manager
ICS-CERT Advisory detailing identified vulnerability that involves luring a user to a malicious website to potentially cause the Display Services functionality to stop or malfunction. The Advisory provides recommended baseline security practices and firewall configurations to help protect a network and its attached devices from attacks that originate from outside the network.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, Critical Infrastructure, Industrial Control Systems
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)—highlights risks associated with Tor, along with technical details and recommendations for mitigation.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Small/Medium Business, Critical Infrastructure
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
CISA Alert providing an update to a previous alert, which advised organizations to immediately patch CVE-2019-11510—an arbitrary file reading vulnerability affecting Pulse Secure virtual private network (VPN) appliances. This Alert provides new detection methods for this activity, including a CISA-developed tool that helps network administrators search for relevant indicators of compromise (IOCs).
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Small/Medium Business, Critical Infrastructure
AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability
CISA Alert highlighting the continued threat to unpatched Pulse Secure VPN servers from malicious actors. The Alert strongly urges users and administrators to upgrade to the corresponding fixes in the face of likely continued attacks.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Small/Medium Business, Critical Infrastructure
AA20-031A: Detecting Citrix CVE-2019-19781
CISA Alert providing tools and technologies to assist with detecting the presence of cyber network exploitation (CNE) actors who have successfully compromised numerous organizations that employed vulnerable Citrix devices.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Critical Infrastructure
AA20-126A: APT Groups Target Healthcare and Essential Services
This joint alert from CISA and the United Kingdom’s National Cyber Security Centre (NCSC) addresses indications that advanced persistent threat (APT) groups are exploiting the COVID-19 pandemic as part of their cyber operations. This alert highlights ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses.
- Target Audiences: Senior cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: Government agencies, SLTT, Critical Infrastructure, Healthcare Sector, Schools
ST05-003: Securing Wireless Networks
Security Tip addressing how to implement a security strategy to minimize the potential for exploitation of Internet-connected devices (i.e., Internet of Things) in our homes and home offices.
- Target Audiences: Cybersecurity managers, system/network engineering staff/administrators
- Target Organizations: General public, Federal government, SLTT
ST18-247: Securing Enterprise Wireless Networks
Security Tip outlining the security threats to our enterprise wireless networks, the steps we can take to minimize the risks to enterprise Wi-Fi networks, and other recommendations your organization can to take to secure your network.
- Target Audiences: Senior cybersecurity managers, network engineering staff
- Target Organizations: Government agencies, Industry
ST04-020: Protecting Portable Devices: Data Security
Security Tip discussing the importance of protecting the data on your laptop, PDA, or other portable devices.
- Target Audiences: Small/Medium business managers, Federal employees, Teleworkers, Home users
- Target Organizations: General public, Small/Medium Business