CISA Services Fact Sheet for Regions
Resources & Tools
For owners and operators of Critical Infrastructure across the country, CISA offers an array of free resources and tools, such as technical assistance, exercises, cybersecurity assessments, free trainings, and more. Our regionally based security advisors deliver a variety of risk management and support services that assess risk level and increase stakeholder resiliency. Visit cisa.gov/about/regions to contact us to speak with one of our security advisors who can guide you to the most impactful services for your organization’s unique needs.
Below is a sampling of the services provided by CISA regional offices. A comprehensive list of all services, tools, and publication from CISA is available here: cisa.gov/resources-tools.
Physical Security
CISA Assist Visits help critical infrastructure owners and operators understand how their service fits into a critical infrastructure sector and explain the CISA resources available to enhance their security and resilience.
CISA's Be Air Aware™ resources provide essential, ready-to-use information about UAS cyber and physical threats and steps to effectively manage risk to critical infrastructure and public gatherings.
ChemLock On-Site Assessments and Assistance Visits (OAAs)
ChemLock OAAs help facilities with dangerous chemicals identify the security risks presented by their on-site chemicals and offer tailored, scalable suggestions for security measures that work best for them. CISA’s ChemLock program offers options such as Security Awareness Consultations, Security Posture assessments and security planning visits
C-IED Technical Assistance Program (TAP)
The TAP strategically guides comprehensive Improvised Explosive Device (IED) incident risk management and provides preparedness assistance by leveraging resources from across the C-IED enterprise.
Infrastructure Survey Tool (IST)
The IST is a voluntary, web-based assessment to identify and document the overall security and resilience of a facility.
Infrastructure Visualization Platform (IVP)
The IVP is a data collection and presentation medium that combines immersive imagery, geospatial information, and hypermedia data of critical facilities and surrounding areas.
Interagency Security Committee Regional Advisors
CISA provides ISC support through its Regional Advisors, who are subject matter experts in the federal risk management process and assist federal stakeholders, their agencies and regional facilities apply the federal risk management process to enhance security, protection and resiliency. Although the federal risk management process is a federal tool, some state, local, territorial and tribal entities may find value in its application for large or numerous facility portfolios or campus environments.
The Interagency Security Committee (ISC) collaboratively establishes policies, monitors compliance, and enhances the security and protection of federal facilities. The ISC standards apply to all buildings and facilities in the United States occupied by federal employees for nonmilitary activities. The ISC’s library houses over 20 documents including its standards, policies, best practices, white papers, templates, and guides.
Regional Resiliency Assessment Program (RRAP)
A voluntary, cooperative assessment of specific critical infrastructure that identifies a range of security and resilience issues that could have regionally or nationally significant consequences.
Security Assessment at First Entry (SAFE)
The SAFE is a stand-alone assessment provided to critical infrastructure entities that features standard language, high level vulnerabilities, and options for consideration. It is designed to assess the current security posture and produce a report in under two hours.
Cybersecurity
CISA's Cyber Hygiene services help secure internet-facing systems from weak configurations and known vulnerabilities. These remote scanning and testing services help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.
Cybersecurity Performance Goal (CPG) Assessment
CISA's CPGs are a common set of practices all organizations should implement to kickstart their cybersecurity efforts. Small- and medium-sized organizations can use the CPGs to prioritize investment in a limited number of essential actions with high-impact security outcomes.
Cybersecurity Entity Notifications
CISA’s regional cybersecurity personnel conduct cyber-related notifications including administrative subpoena, vulnerability, preransomware, and cyber activity/incident notifications.
Emergency Communications
Public Safety Communications and Cyber Resiliency Toolkit
This interactive resource is kept up to date with the latest guidance to assist public safety agencies and others responsible for communications networks in evaluating current resiliency capabilities, identifying ways to improve resiliency, and developing plans for mitigating the effects of potential resiliency threats.
Priority Telecommunications Services
CISA offers three priority telecommunications services that enable essential personnel to communicate when networks are degraded or congested due to weather events, mass gatherings, cyberattacks or events stemming from human error. By signing up for all three priority services, organizations can significantly bolster their communications resiliency and emergency preparedness at little to no cost.
911 Cybersecurity Resource Hub
The SAFECOM/NCSWIC 911 Cybersecurity Resource Hub is a one-stop shop that compiles cybersecurity resources to make it easy for ECCs to report a cyber incident, find real-world case studies, access cybersecurity education and training opportunities, learn about best practices to identify and protect networks from cyberattacks, and more.
CISA Interoperable Communications Technical Assistance Program
CISA’s Interoperable Communications Technical Assistance Program (ICTAP) serves all 56 states and territories and provides direct support to state, local, tribal and territorial emergency responders and government officials through the development and delivery of training, tools, and onsite assistance to advance public safety interoperable communications capabilities.
Training & Exercises
CISA offers a wide array of free training programs to government and private sector partners. These web-based independent study courses, instructor-led courses, and associated training materials provide government officials and critical infrastructure owners and operators with the knowledge and skills needed to implement critical infrastructure security and resilience activities. CISA provides end-to-end exercise planning and conduct support to assist stakeholders in examining their cybersecurity and physical security plans and capabilities. See the complete list at cisa.gov/critical-infrastructure-training.
Active Shooter Preparedness Training
CISA offers a comprehensive set of courses, materials, and workshops to enhance preparedness against an active shooter threat, focusing on behaviors that represent warning signs and characteristics of active shooter incidents. They offer options to consider when preparing to protect against or mitigate the threat and discuss principles of recovery preparedness along with effective response actions that may be taken during an incident.
Chemical Sector Security Awareness Training
For Chemical sector facility owners and operators as well as their employees who are interested in increasing the security posture of their facilities, the Chemical Sector Security Awareness Training provides best practices and industry standards for ensuring safe storage, transfer and use of chemicals. This training will take 1 hour and should be taken by anyone with access to chemicals at the facility.
The ChemLock program offers live, on-demand training to assist chemical facility owners, operators, and personnel with understanding the threats presented by their on-site chemicals and what security measures can be put into place to reduce the risk of dangerous chemicals being weaponized.
Conflict Prevention Information Sessions
CISA hosts multiple information sessions tailored to offer strategies and techniques to assist with managing conflict and preventing incidents of targeted violence, including the Power of Hello, De-escalation, Personal Security Considerations, and Insider Threat Awareness and Mitigation.
Risk Management Process and Facility Security Committee Training
The Risk Management Process (RMP) and Facility Security Committee (FSC) Training provides an understanding of the Interagency Security Committee (ISC), the ISC Risk Management Process Standard, and the roles and responsibilities of FSCs. The course fulfills the necessary training requirements for FSC membership and is valuable for executives, managers, and personnel involved in making facility funding, leasing, security, or other risk management decisions. Participants receive continuing education units through the International Association for Continuing Education and Training upon completion of the course.
Counter-IED and Risk Mitigation Training
CISA offers a diverse curriculum of accredited training through multiple platforms to build Counter-Improvised Explosive Device (C-IED) capabilities. Topics include Bomb Threats, Suspicious Activity and Items, IED Awareness, Protective Measures and Planning and Preparedness.
CISA Tabletop Exercise Packages
A comprehensive set of resources designed to assist stakeholders in conducting their own exercises and initiating discussions within their organizations about their ability to address a variety of threat scenarios. The packages include the scenario-specific situation manual, planner handbook, facilitator/evaluator handbook, and assorted forms and templates. Facilities can also request CISA expertise in facilitating a live tailored tabletop exercise.
