Incident Detection, Response, and Prevention
Overview
Cyber incidents are capable of demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. Because of this risk, all organizations and even individuals should have clear, executable cyber incident detection, response, and prevention strategies. Cyber attacks are evolving and becoming increasingly complex and hard to detect. By working with all levels of government and the private sector, CISA understands the broad range of cyber vulnerabilities and offers the tools and resources needed to detect, respond to, and prevent cyber incidents accurately and effectively.
CISA’s Role
When cyber incidents occur, CISA provides response efforts to mitigate spread of the attack and secure critical infrastructure components. CISA works in close coordination with other agencies with complementary cyber missions, as well as private sector and other non-federal owners and operators of critical infrastructure, to ensure greater unity of effort and a whole-of-nation response to cyber incidents.
We provide awareness of vulnerabilities, mitigation, and prevention steps to American homes and organizations, and have programs dedicated to helping impacted organizations. We also work to notify relevant stakeholders of elevated risk exposure, conduct incident management operations, provide vulnerability assessments, and directly deploy risk management information, tools, and technical services to mitigate risk, including regulatory enforcement where authorized.
Featured Content
Situational Awareness and Incident Response (SAIR) Program
Obtain products and services that address gaps in the long-term security posture of the federal government using the SAIR program's federal enterprise awareness and incident response capabilities.
Continuous Diagnostics and Mitigation (CDM) Program
Improve your security posture with CDM program cybersecurity tools, integration services, and dashboards designed to dynamically fortify the cybersecurity of government networks and systems.
Free Cybersecurity Services & Tools
Proactively reduce exposure to threats and mitigate attack vectors with CISA's free cybersecurity services and tools.
CISA Releases Directive on Reducing the Significant Risk of Known Exploited Vulnerabilities
Learn how to use CISA's Known Exploited Vulnerability (KEV) catalog to protect your organization and build a collective resilience across the cybersecurity community.
CISA in Action
Discover how CISA's incident detection, response, and prevention strategies and recommendations help ensure the security of our nation.
Incident Detection, Response, and Prevention Training
CISA offers a variety of trainings to help you and your organization proactively prepare for and rapidly respond to cyber incidents.
Strengthen Your Resolve - Understanding DNS Attacks
Incident Response and Awareness Training
Services
CISA services offer tailored expertise and guidance based on your organization's needs and requirements.
Cyber Threat Hunt Assessment
Vulnerability Disclosure Policy (VDP) Platform
Resources, Tools, and Publications
CISA offers guides, tools, and other resources to support incident detection, response, and prevention.
The KEV Catalog
Incident Reporting System
Cyber Incident Detection and Notification Planning Templates for Election Security
Report an Incident
Report incidents as defined by NIST Special Publication 800-61 Rev 2, to include:
- Attempts to gain unauthorized access to a system or its data
- Unwanted disruption or denial of service
- Abuse or misuse of a system or data in violation of policy
The definitions and reporting timeframes can be found in the Federal incident notification guidelines.