The federal enterprise depends on information technology (IT) systems and computer networks for essential operations. These systems face large and diverse cyber threats that range from unsophisticated hackers to technically competent intruders using state-of-the-art intrusion techniques. Many malicious attacks are designed to steal information and disrupt, deny access to, degrade, or destroy critical information systems.
The Cybersecurity and Infrastructure Security Agency (CISA) works with each federal civilian department and agency to promote the adoption of common policies and best practices that are risk-based and able to effectively respond to the pace of ever-changing threats. As systems are protected, alerts can be issued at machine speed when events are detected to help protect networks across the government information technology enterprise and the private sector. This enterprise approach will help transform the way federal civilian agencies manage cyber networks through strategically sourced tools and services that enhance the speed and cost effectiveness of federal cybersecurity procurements and allow consistent application of best practices.
Capacity Enhancement Guide
Capacity Enhancement Guides for Federal Agencies
Purpose
Federal Capacity Enhancement Guides provide Federal Civilian Executive Branch agencies with actionable recommendations, best practices, and operational insights designed to address common challenges and build agency capacity to reduce cybersecurity risks. As the Nation’s cyber risk advisor, CISA is committed to supporting our partners as they build their capacity to defend against today’s cyber threats and to strengthen the resiliency of their networks for tomorrow. This page will be updated as new Capacity Enhancement Guides become available.
Audience & Scope
Capacity Enhancement Guide target audiences are primarily cybersecurity and IT leadership, mid-level management, and technical personnel at federal agencies.
Capacity Enhancement Guides for Non-Federal Organizations
Purpose
Non-Federal Capacity Enhancement Guides provide the same type of actionable recommendations, best practices, and operational insights, but tailored to non-federal organizations (e.g., state and local governments, NGOs, and private sector organizations). This page will be updated with new Capacity Enhancement Guides as they become available.
Audience & Scope
CISA’s non-federal Capacity Enhancement Guides are developed with state and local government, along with the private industry sector, in mind. The product audiences include, but are not limited to, cybersecurity and IT executives, mid-level management, and technical personnel at non-federal government organizations.
Contact Info
For questions about this guidance and other CISA services available to federal agencies, please contact CyberLiaison@CISA.dhs.gov.
National Cybersecurity Protection System (NCPS)
One of CISA's missions is to improve the cybersecurity posture of the Federal Civilian Executive Branch (FCEB) and other partners by facilitating the integration of various cybersecurity technologies, products, and services. To meet that mission need, CISA designs, develops, deploys, and sustains the National Cybersecurity Protection System (NCPS), which provides capabilities that combat and mitigate cyber threats to FCEB information and networks.
NCPS is an integrated system-of-systems that delivers a range of capabilities, such as intrusion detection, analytics, information sharing, and intrusion prevention. These capabilities provide a technological foundation that enables CISA to secure and defend the FCEB IT infrastructure against advanced cyber threats. NCPS advances CISA’s responsibilities as delineated in the Comprehensive National Cybersecurity Initiative.
One of CISA’s key technologies within NCPS is EINSTEIN. The goal of the NCPS EINSTEIN set of capabilities is to provide the federal government with an early warning system, improved situational awareness of intrusion threats to FCEB networks, near real-time identification of malicious cyber activity, and prevention of that malicious cyber activity.
For questions concerning NCPS, please contact ncpsprogramoffice@hq.dhs.gov.
Continuous Diagnostics and Mitigation (CDM)
DHS’s Continuous Diagnostics and Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize these risks based upon potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, risk-based, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources.
National Cybersecurity and Communications Integration Center (NCCIC)
The mission of DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is to reduce the risk of systemic cybersecurity and communications challenges in our role as the Nation's flagship cyber defense, incident response, and operational integration center.
Since 2009, the NCCIC has served as a national hub for cyber and communications information, technical expertise, and operational integration by operating our 24/7 situational awareness, analysis, and incident response center. The NCCIC shares information among the public and private sectors to build greater understanding and situational awareness of cybersecurity and communications vulnerabilities, intrusions, incidents, mitigation, and recovery actions.
NCCIC brings advanced network and digital media analysis expertise to bear on malicious activity targeting our nation’s networks. US-CERT develops timely and actionable information for distribution to federal departments and agencies, state and local governments, private sector organizations, and international partners. In addition, NCCIC operates the NCPS, which provides intrusion detection and prevention capabilities to covered federal departments and agencies.
Federal Information Security Management Act (FISMA) Reporting
DHS works collaboratively with federal agencies to build upon the metrics established in previous fiscal years and incorporates updates to ease Federal Information Security Management Act (FISMA) reporting. Current year FISMA documents can be found here.
High Value Asset Program Management Office (HVA PMO)
The Federal High Value Asset (HVA) Program Management Office (PMO) is responsible for ensuring the Federal Civilian Government’s most critical information systems, or HVA systems, are accurately identified, prioritized, and protected against evolving cyber threats. To achieve this vision, the PMO focuses on three primary goals:
- Ensure the most critical information systems are identified as High Value Assets for adequate protection
- Provide visibility into the cybersecurity posture of High Value Assets to Authorizing Officials and relevant stakeholders
- Establish an effective and efficient whole-of-government approach to securing the most critical information systems