Executive Order on Improving the Nation's Cybersecurity
Key points of and CISA's role in the Executive Order on strengthening the cybersecyrity of federal networks and critical infrastructure.
Securing Networks
CISA works with government and private sector entities to secure networks through an enterprise approach, enhancing the strength of all networks by sharing information.
Overview
Securing networks is a preventative measure in the fight against cybercrime and attacks. The federal enterprise depends on information technology (IT) systems and computer networks for essential operations. Keeping networks safe protects the vital information and operational processes that live and depend on these systems. Networks face large and diverse cyber threats that range from unsophisticated hackers to technically competent intruders using state-of-the-art intrusion techniques. Many malicious attacks are designed to steal information and disrupt, deny access to, degrade, or destroy critical information systems. Securing a network involves continuous monitoring, assessments, and mitigation across various interrelated components, including servers, the cloud, Internet of Things (IoT), internet connections and the many physical assets used to access networks.
CISA’s Role
CISA works with each federal civilian department and agency to promote the adoption of common policies and best practices that are risk-based and able to effectively respond to the pace of ever-changing threats. When networks are protected, alerts can be issued at machine speed to help protect related or similar networks across the government information technology enterprise and the private sector. CISA provides the coordinating efforts and broad reach needed to create an enterprise approach to securing networks. This enterprise approach transforms the way federal agencies and private sectors manage cyber networks through strategically sourced tools and services that enhance the speed and cost effectiveness of federal cybersecurity procurements and allow consistent application of best practices.
Featured Content
Continuous Diagnostics and Mitigation (CDM) Program
Improve your security posture with CDM program cybersecurity tools, integration services, and dashboards designed to dynamically fortify the cybersecurity of government networks and systems.
Trusted Internet Connections
Including new CISA guidance, tips, and use cases, TIC 3.0 reflects modern processes and technological innovations while recognizing the challenges and IT constraints of the federal government and its agencies.
Software Bill of Materials (SBOM)
SBOMs are key building blocks in software security and supply chain risk management. Learn how CISA is working to advance the software and security communities' understanding of SBOM creation, use, and implementation.
Secure Cloud Business Applications (SCuBA) Project
The SCuBA project provides guidance and capabilities to secure agencies’ cloud business application environments and protect federal information that is created, accessed, shared and stored in those environments.
CISA in Action
Discover the latest security tips and how CISA is keeping networks secure.
Check Pulse Connect Secure Products
APR 20, 2021
| PRESS RELEASE
CISA has observed active exploitation of vulnerabilities in Pulse Connect Secure products. CISA has determined that this exploitation of Pulse Connect Secure products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action.
Privacy and Mobile Device Apps
DEC 18, 2022
| BLOG
Apps on your smartphone or other mobile devices can put your privacy at risk.
Training
CISA offers a variety of trainings to help you and your organization secure your networks.
High Value Assets Assessment (HVA) Training
COURSE | OTHER
The High Value Assets (HVA) course is designed to empower students to evaluate the federal government’s approach to managing risk and to provide an unbiased, third-party review of the government’s most critical HVA’s cybersecurity posture and operations.
Innovation and Evolution of the CDM Dashboard
COURSE | VIRTUAL/ONLINE
This half-hour video provides an interview with Mr. Kevin Cox on the current state of the CDM program as well as an overview of the new CDM Agency Dashboard Ecosystem.
Services
CISA services offer tailored expertise and guidance based on your organization's needs and requirements.
Account Management
INCREASE YOUR RESILIENCE
Contact: esslob@hhs.gov
Ensure that a concept of separation of duties is implemented and logical access controls and account lockout/disabling controls are in place.
Foundational
Disaster Recovery Consultation, Documentation, & Testing
INCREASE YOUR RESILIENCE
Contact: iss_services@esc.gov
Obtain a customized contingency plan tailored for the unique needs and a structure of specific systems built in accordance with NIST 800-37 and 800-53.
Foundational
Cybersecurity Policy Support
OTHER
Contact: justiceitservices@usdoj.gov
Develop and maintain information security and privacy policies based on the most recent guidance from legislation, executive orders, directives, policies, regulations, and other technical standards.
Foundational
Creation/Maintenance of Security Documentation and/or Procedures
OTHER
Contact: esc-cyberservices@faa.gov
Create, update, and consult on information protection processes and procedures to develop the required documentation for a new or continuously monitored system needed for a security control assessment.
Foundational
Resources, Tools, and Publications
CISA offers guides, tools, and other resources to support network security.
Vulnerability Exploitability eXchange (VEX) Status Justification Document (June 2022)
JUN 01, 2022
| PUBLICATION
This resource provides the recommended NOT AFFECTED status justifications of a VEX document and offers the reader examples of when the different status justifications might be used.
CDM Program Shared Services Platform
DEC 17, 2020
| PUBLICATION
The CDM Shared Services Platform provides non-CFO Act agencies with access to CDM capabilities.
Layering Network Security Through Segmentation Infographic
PUBLICATION
Emphasizes importance of network segmentation for providing additional security and control to prevent/minimize the risks of a cyberattack.
Continuous Diagnostics and Mitigation (CDM) Program: AWARE
AWARE helps federal civilian agencies assess the size and scope of their cyber vulnerabilities so they can prioritize the highest risk issues.
Contact Us
Need CISA's help but don't know where to start?
Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.