Protecting Houses of Worship Resources

Using this Houses of Worship (HoW) Resource Page

This page is designed to guide you through a four-step process that can act as the building blocks for improving the security and safety of your organization’s congregants and facilities. By following these steps, you can easily develop a continuing security improvement cycle.

Step 1: Start the Process

Start the process by forming a team to manage your facility’s security improvements. The role of this team is to lead the coordination, planning, and implementation of security improvements to secure your faith-based facility.  Basic roles for the team include:

• Identify priorities and a vision of your facility’s future security
• Identify available support and resources who can assist in the process 
• Engage with local or state law enforcement and emergency planning agencies
• Become aware of local and regional threats and concerns
• Leading your organization through the security improvement process

Resources designed to inform the security planning team

Mitigating Attacks on Houses of Worship Security Guide

In this security guide, CISA analyzed ten years of targeted attacks on houses of worship to provide context to the enterprise-wide security recommendations. The case studies reviewed are examples of the breadth of threats a house of worship faces daily.

Protecting Houses of Worship Video

Today, houses of worship face a unique set of safety and security challenges that weren't there just a few years ago. This video was developed to inform the faith-based community of options for consideration to mitigate risk to places of worship and related facilities.

Hometown Security Report Series: Houses of Worship (May 2017)

Numerous studies estimate there are between 300,000 and 400,000 congregations in the United States. Many people believe or think a house of worship is a safe area where violence and emergencies cannot affect them. However, violence in a house of worship is not a new phenomenon, and many facilities are developing and updating security and emergency plans and procedures to ensure the safety and security of their congregations, visitors, staff, and facilities. 

CISA Protective Security Advisor Program

CISA operates the regionally based Protective Security Advisor (PSA) Program. PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts who facilitate local field activities in coordination with other Department of Homeland Security offices. They also advise and assist state, local, and private sector officials and critical infrastructure facility owners and operators. You can email them at central@cisa.dhs.gov.

Faith-Based Information Sharing and Analysis Organization (FB-ISAO)

The FB-ISAO is a trusted community within the inclusive, community of faith. The ISAO and its members maintain primary focus on sharing timely, actionable and relevant information with an all-hazards approach as incidents affecting the community come in the form of physical threats, cybersecurity issues, health outbreaks, and a variety of natural disasters. The FB-ISAO’s mission is to provide members with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience.

Homeland Security Information Network

The Homeland Security Information Network (HSIN) is a trusted network for homeland security mission operations to share sensitive but unclassified information. Federal, SLTT, and private sector partners can use HSIN to manage operations, analyze data, send alerts and notices, and share the information they need to perform their duties. CISA Central-developed products are available to registered stakeholders in authorized communities of interest. 

HSIN uses enhanced security measures, including verifying the identity of all users the first time they register and ensuring users use two-factor authentication each time they log on. HSIN leverages the trusted identity of its users to provide simplified access to a number of law enforcement, operations, and intelligence information sharing portals.

Service benefits include:

• alerts and notifications basic
• Learning Management System
• comprehensive HSIN training
• document repository
• geographic information system mapping
• instant messaging (HSIN chat)
• managed workflow capabilities
• secure messaging (HSIN Box)
• web conferencing (HSIN Connect)

For more information, or to become a member, visit dhs.gov/homeland-security-information-network-hsin or email HSIN.Outreach@hq.dhs.gov.

Step 2: Conduct an Assessment

When considering security risk, a vulnerability is a weakness which an adversary may take advantage to inflict an attack or inhibit your operations.  To assist with identifying these vulnerabilities, CISA recommends use of the following resources. While many times security and risk assessments area available from state or local governments or law enforcement agencies, however when not available CISA recommends use of the following resources to assist with identifying those security vulnerabilities.

Houses of Worship Security Self-Assessment and User Guide

The first step in developing a quality security (plan or program) and improving preparedness is assessing your organization or facility’s current risk. To begin that process CISA has developed a baseline security self-assessment that is designed to assist the minimally trained person through the assessment process.  Successful completion and review of the recommendations can provide a path towards lowering risk and improving security.   

• To make the self-assessment process easier CISA has developed an Interactive Tool which duplicates the data collected in the paper-based version of the Houses of Worship Security Self-Assessment.  When properly completed it will provide an electronic and paper-based report that can be used to more easily inform security planning and improvement decisions.  In addition to the easy to use report, based on your state guidance the report may be used to inform grant applications.

CISA Bombing Prevention Protective Measures Awareness Training

The Protective Measures Awareness course introduces how to identify and mitigate facility security gaps. This course provides foundational knowledge about risk management and the three rings of security: physical, procedural/technical, and intelligence protective measures.

Step 3: Implement Security Improvements

As a factor in reducing risk consequence, mitigation can be achieved through numerous processes. Two of the easiest ways to minimize the potential consequences is through security and emergency planning along with focused training of both staff and congregants. Use of the Federal Emergency Management Agency (FEMA) Guide for Developing High Quality Emergency Operations Plans for Houses of Worship along with the following resources can provide the building blocks for improving security and safety.

Securing Public Gatherings Web Presence

CISA fosters collaboration between the private and public sectors to mitigate risk and enhance the security and resilience of public gatherings, reducing the likelihood of a successful attack or, for those incidents that do occur, limiting the impacts to life and property. To help organizations mitigate potential risks in today’s dynamic and rapidly evolving threat environment, CISA provides a compendium of resources for securing public gatherings.

Active Assailant Security Resources

Active shooter incidents are often unpredictable and evolve quickly. In the midst of the chaos, anyone can play an integral role in mitigating the impacts of an active shooter incident. CISA aims to enhance preparedness through a "whole community" approach by providing products, tools, and resources to help you prepare for and respond to an active shooter incident

Personal Security Considerations

The CISA Personal Security Considerations Fact Sheet identifies behavioral and suspicious activity indicators and provides basic personal security measures to reduce the probability of becoming a victim of an attack.

Guide for Developing High Quality Emergency Operations Plans for Houses of Worship

In collaboration with several houses of worship and community partners (i.e., governmental entities that have a responsibility in the plan, including first responders, public health officials, and mental health officials), houses of worship can take steps to plan for these potential emergencies through the creation of an emergency operations plan (EOP).

FEMA Grants Programs

The US Department of Homeland Security through FEMA provides nonprofit security grants which are managed in partnership through each state’s Homeland Security Advisor’s office.  These competitive based grants provide funding to improve facility security, preparedness, and emergency planning. FEMA Grant information website   

Power of Hello

Industries face a variety of threats, both internal and external, from hostile governments, terrorist groups, disgruntled employees and malicious introducers. Alert employees can spot suspicious activity and report it. The power is in the employee, citizen, patron, or any person who can observe and report.

Used effectively, the right words can be a powerful tool. Simply saying “Hello” can prompt a casual conversation with unknown individuals and help you determine why they are there. The OHNO approach – Observe, Initiate a Hello, Navigate the Risk, and Obtain Help – helps employees observe and evaluate suspicious behaviors, and empowers them to mitigate potential risk, and obtain help when necessary.

Power of Hello Houses of Worship Guide

This more focused guide promotes employee vigilance for our houses of worship stakeholders. Alert personnel can better spot suspicious activity and actively report it. Keeping houses of worship facilities secure while sustaining the open and welcoming environment necessary for peaceful congregation requires a holistic approach to security.

What to Do - Bomb Threat

Bomb threats or suspicious items should always be taken seriously. How quickly and safely you react to a bomb threat could save lives, including your own.  The guidance and resources available here outline in-depth procedures for either bomb threats or suspicious items and will help you prepare and react appropriately during these events.

Security and Safety Symposium for Faith Based Communities

On October 27, 2020, the Federal Bureau of Investigation (FBI), The U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA), and the InfraGard National Capital Region held a Faith-Based Security and Safety Symposium webinar to discuss best practices and risk mitigation strategies for protecting houses of worship amid the COVID-19 pandemic.

CISA Cybersecurity Awareness Program

The faith-based community can be a target of cyber crime or incidents that deny access to information, render information unusable, or even disclose the personal information of congregants in the public domain.  The CISA Cybersecurity Awareness Program is a national public awareness effort aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.  

Step 4: Test Security Improvements

The final step in your initial security improvement cycle is testing and exercising what you have put in place. This could include some or all of the areas which you have improved or implemented new policies, physical barriers, or planning efforts which are designed to make your facility more secure and safe.  The lessons learned within your exercises should be used by the security planning team to inform the next reassessment and future planning as security is a continuing cycle and ongoing improvement and plan maintenance are a must ensure continued security and safety. The information within the webinar can provide another level of understanding and direction as you implement your security changes.

While exercises can be contracted through numerous private sector companies, most local, county, or state homeland security offices offer no cost exercises or resources which will allow you to participate in on-going programs or develop your own exercise. An additional resource is your local CISA Protective Security Advisor who can guide you through available resources and how to best use them and the results you identify.

CISA Tabletop Exercise Package (CTEP) Fact Sheet: Faith-Based Organizations

The CTEP program is designed to assist critical infrastructure owners and operators in developing their own tabletop exercises to meet the specific needs of their facilities and stakeholders. CTEP allows users to leverage pre-built exercise templates and vetted scenarios to build tabletop exercises to assess, develop, and update information sharing processes, emergency plans, programs, policies, and procedures.

FEMA Preparedness and Planning Resources

Across the United States, Americans congregate in faith-based venues to worship, learn, play, and bond as a community.  In coordination with interagency partners, the DHS Center for Faith-Based and Neighborhood Partnerships and FEMA established a website for faith-based organizations that serves as a “one-stop shop” for information on available Federal tools, resources, and assistance.

If you would like more information on upcoming webinars and resources from the DHS Center for Faith-Based and Neighborhood Partnerships, you may email Partnerships@fema.dhs.gov.

Houses of Worship Security Self-Assessment

Protecting House of Worship Video

Today, houses of worship face a unique set of safety and security challenges that weren't there just a few years ago. This video was developed to inform the faith-based community of options for consideration to mitigate risk to places of worship and related facilities.