Active Assailant Emergency Action Plan

Active Assailant Emergency Action Plan Template and Instructional Guide

Provide organizations and venue operators with tangible guidance to assist users with developing a comprehensive and implementable emergency action plan (EAP).

Learn More
Guidance: Mitigation Strategies for Edge Devices: Executive Order

Mitigation Strategies for Edge Devices: Executive Guidance

Foreign adversaries routinely exploit software vulnerabilities in network edge devices. With U.S. and international partners, we released strategies and guides to help organizations protect their network edge devices and appliances.

Read the Guidance
Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

Read recommended actions and mitigations to detect and protect against exploitation of Ivanti vulnerabilities, CVE-2024-8963, CVE-2024-9379, CVE-2024-8190 and CVE-2024-9380.  

Read the Advisory
Unlocking Vulnrichment: Enriching CVE Data

Unlocking Vulnrichment: Enriching CVE Data

In today’s fast-paced cybersecurity landscape, staying ahead of vulnerabilities is a daily race against time. Every day, dozens to hundreds of new Common Vulnerabilities and Exposures are published, many of which affect critical systems.

Read the Blog
Secure by Design. Joint Guide. Product Security Bad Practices Version 2

Product Security Bad Practices Version 2

For software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This revised joint guide includes feedback from public comment period in 2024.

Read the Guide
Closing the Software Understanding Gap

Closing the Software Understanding Gap

Read how we can help close the gap and secure our infrastructure with a deep, scalable understanding of software-controlled systems, including AI-systems.  

Read the Report

News Updates

View More News

Latest Operational Information

View All Alerts & Advisories Subscribe to Updates

How can we help?

All Audiences
Main St, street sign

Find Help Locally

Contact your Region

Assist Visits

Protected Critical Infrastructure Information

IT professional working at computers

Industry

Secure by Design

Information Sharing: A Vital Resource

PCII Program modernized

Joint Cyber Defense Collaborative expands

A small business worker making a transaction with a customer

Small and Medium Businesses

Cyber guidance for small businesses

Supplementing passwords

Doing business with CISA

Teenager boy and classmates in high school computer class

Educational Institutions

School Safety

Cybersecurity for K-12

K-12 School Security Product Suite

Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats

All Audiences

JCDC unifies cyber defenders from organizations worldwide. This team proactively gathers, analyzes, and shares actionable cyber risk information to enable synchronized, holistic cybersecurity planning, cyber defense, and response.

JCDC

StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively.

STOPRANSOMWARE

SAFECOM works to improve emergency communications interoperability across local, regional, tribal, state, territorial, international borders, and with federal government entities.

SAFECOM

Additional CISA Resources

Abstract image of a PCB overlayed with cyber design elements

CISA’s Federal Cyber Defense Skilling Academy

CISA’s Federal Cyber Defense Skilling Academy provides full-time federal employees an opportunity to focus on professional growth through an intense, full-time, three-month accelerated training program.

Image of an event with speaker and participants

CISA Events

CISA hosts and participates in events throughout the year to engage stakeholders, seek research partners, and communicate with the public to help protect the homeland.

CISA Services Catalog

A single resource that provides you with access to information on services across CISA’s mission areas.

Employees pictured during training session

CISA Training

As part of our continuing mission to reduce cybersecurity and physical security risk, CISA provides a robust offering of cybersecurity and critical infrastructure training opportunities.