U.S. Flag Official website of the Department of Homeland Security

Getting Started for Federal Government

As part of the C³ Voluntary Program’s evolving Government-to-Government engagement approach, the program will work with the Federal Government to engage the interagency community on use of the Framework.

On This Page:
Identify
Protect
Detect
Respond

Resources to Identify

Cybersecurity Evaluation Tool (CSET) and On-Site Cybersecurity Consulting

Industrial control systems security posture assessments, offered through CSET, a self-assessment tool. Features include a mapping to control systems standards based on the sector as well as a network architecture mapping tool. The tool can be downloaded for self-use or organizations can request a facilitated site visit, which could include basic security assessments, network architectural review and verification, network scanning using custom tools to identify malicious activity and indicators of compromise, and penetration testing. More information is available at: http://ics-cert.us-cert.gov/assessments.

Industrial Control Systems Computer Emergency Readiness Team (ICS-CERT) Recommended Practices

A list of recommended practices aimed at helping industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, and mitigation strategies. ICS-CERT works with the control systems community to ensure that the recommended practices are vetted by industry subject matter experts before being published. Recommended practices cover topics such as defense-in-depth strategies, cyber forensics, and incident response, and are updated on a routine basis to account for emerging issues and practices. Access to recommended practices is provided through: http://ics-cert.us-cert.gov/introduction-recommended-practices.  

National Cybersecurity Assessment & Technical Services (NCATS)

NCATS leverages existing “best in breed” cybersecurity assessment methodologies, commercial best practices and integration of threat intelligence that enable cybersecurity stakeholders with decision making/risk management guidance and recommendations. NCATS provides an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks. NCATS security services are available at no-cost to stakeholders and can range from one day to two weeks depending on the security services required. For more information, email: ncats_info@hq.dhs.gov

Federal Virtual Training Environment (FedVTE)

The FedVTE content library contains pre-recorded classroom cybersecurity training for Federal personnel. For more information, visit https://www.fedvte-fsi.gov/Vte.Lms.Web.

Back to Top

Resources to Protect

ICS-CERT Training

Training in industrial control systems at the overview, intermediate, and advanced levels, including web-based and instructor-led formats. More information on ICS-CERT training opportunities are available at: http://ics-cert.us-cert.gov/training-available-through-ics-cert

ICS-CERT Recommended Practices

A list of recommended practices aimed at helping industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, and mitigation strategies. ICS-CERT works with the control systems community to ensure that the recommended practices are vetted by industry subject matter experts before being published. Recommended practices cover topics such as defense-in-depth strategies, cyber forensics, and incident response, and are updated on a routine basis to account for emerging issues and practices. Access to recommended practices is provided through: http://ics-cert.us-cert.gov/introduction-recommended-practices

U.S. Computer Emergency Readiness Team (US-CERT) and ICS-CERT Alerts, Bulletins, Tips, and Technical Documents

Access to alerts, bulletins, tips, and technical documents published by ICS-CERT and US-CERT. ICS-CERT also offers an extensive bibliography of relevant standards and references.  Both sets of documents and references provide a better understanding of relevant control systems vulnerabilities and suggest measures critical infrastructure owners and operators can take to address them. More information on ICS-CERT and US-CERT alerts, bulletins, tips, and technical documents are available at: http://ics-cert.us-cert.gov and http://us-cert.gov.

Federal Network Resilience (FNR)

The FNR Branch collaborates across the Federal Government to enhance the Nation’s cybersecurity posture through long-term strategic prevention of attacks against Federal Civilian Executive Branch (FCEB) networks. FNR will support interagency collaboration on Framework use across the FCEB. This will occur as the C³ Voluntary Program develops additional resources over time to support Framework use by the Federal Government. For more information, visit: http://dhs.gov/federal-network-resilience.

National Cybersecurity Assessment & Technical Services (NCATS)

NCATS leverages existing “best in breed” cybersecurity assessment methodologies, commercial best practices and integration of threat intelligence that enable cybersecurity stakeholders with decision making/risk management guidance and recommendations. NCATS provides an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks. NCATS security services are available at no-cost to stakeholders and can range from one day to two weeks depending on the security services required. For more information, email: ncats_info@hq.dhs.gov

Federal Virtual Training Environment (FedVTE)

The FedVTE content library contains pre-recorded classroom cybersecurity training for Federal personnel. For more information, visit https://www.fedvte-fsi.gov/Vte.Lms.Web.

Information Systems Security Line of Business Security and Awareness Training

Information Systems Security Line of Business (ISSLoB) Security and Awareness Training (SAT) provides common suites of information systems security training products and services for the Federal Government. ISSLoB SAT standardizes skills and competencies in order to align with nationally recognized credentials, such as the Cybersecurity Framework and the National Initiative for Cybersecurity Education (NICE).  ISSLoB provides a repository of government sponsored or approved training products and sources that will reach all levels of government executives. For more information, visit: http://dhs.gov/information-systems-security-line-business-security-and-awareness-training.

Network Security Deployment (NSD)

NSD strives to improve the cybersecurity of Federal Government departments, agencies, and partners by delivering the technologies and services needed to fulfill the Department’s cybersecurity mission. NSD is responsible for designing, developing, acquiring, deploying, sustaining, and providing customer support for the National Cybersecurity Protection System (NCPS). NCPS satisfies aspects of the Department’s mission requirements under the Comprehensive National Cybersecurity Initiative by delivering intrusion detection, advanced analytics, information sharing, and intrusion prevention capabilities that diminish the potential impact of cyber threats. For more information, visit: http://dhs.gov/network-security-deployment.

National Security Agency (NSA) / Information Assurance Directorate (IAD) National Security Cyber Assistance Program

The NSA/IAD has established a National Security Cyber Assistance Program wherein commercial organizations can receive accreditation for cyber incident response services. This accreditation in Cyber Incident Response Assistance will validate that an organization has established processes, effective tools and knowledgeable people with the proper skill set and expertise to perform cyber incident response for national security systems. Visit http://www.nsa.gov/ia for more information or download best practices for keeping your home network secure at http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf.

Back to Top

Resources to Detect

Continuous Diagnostics and Mitigation (CDM)

The CDM program is a dynamic approach to fortifying the cybersecurity of computer networks and systems. Through the CDM program, DHS works with partners across the entire FCEB government to deploy and maintain an array of sensors for hardware asset management, software asset management and whitelisting, vulnerability management, compliance setting management and feed data about an agency’s cybersecurity flaws, and present those risks in an automated and continuously-updated dashboard.  CDM, which will also be available for State and local entities as well as the Defense Industrial Base Sector, provides our stakeholders with the tools they need protect their networks and enhances their ability to see and counteract day-to-day cyber threats.

DHS coordinates the national response to significant cyber incidents and maintains a common operational picture for cyberspace across the government. Part of that responsibility includes network intrusion detection and prevention technology under a program known as Einstein. When both programs are implemented, they will provide complementary protections across the dot-gov domain, further protecting the government’s infrastructure and the Nation’s data.

The CDM program provides capabilities and tools that enable network administrators to know the state of their respective networks at any given time, understand the relative risks and threats, and help system personnel to identify and mitigate flaws at near-network speed. CDM program resources will also be mapped to the Framework. This will occur as the C³ Voluntary Program develops additional resources over time to support Framework use by the Federal Government. More information is available at: http://dhs.gov/cdm.

Federal Virtual Training Environment (FedVTE)

The FedVTE content library contains pre-recorded classroom cybersecurity training for Federal personnel. For more information, visit https://www.fedvte-fsi.gov/Vte.Lms.Web.

Network Security Deployment (NSD)

NSD strives to improve the cybersecurity of Federal Government departments, agencies, and partners by delivering the technologies and services needed to fulfill the Department’s cybersecurity mission. NSD is responsible for designing, developing, acquiring, deploying, sustaining, and providing customer support for the National Cybersecurity Protection System (NCPS). NCPS satisfies aspects of the Department’s mission requirements under the Comprehensive National Cybersecurity Initiative by delivering intrusion detection, advanced analytics, information sharing, and intrusion prevention capabilities that diminish the potential impact of cyber threats. For more information, visit: http://dhs.gov/network-security-deployment.

Back to Top

Resources to Respond

Cyber Incident Response and Analysis

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) offers incident response services to critical infrastructure asset owners that are experiencing impacts from cyber attacks. Services include digital media and malware analysis, identification of the source of an incident, analyzing the extent of the compromise, and developing strategies for recovery and improving defenses. Incident response teams also provide concepts for improving intrusion detection capabilities and ways to eliminate vulnerabilities and minimize losses from a cyber attack. For more information or to request response services, email: ics-cert@hq.dhs.gov.

National Security Agency (NSA) / Information Assurance Directorate (IAD) National Security Cyber Assistance Program

The NSA/IAD has established a National Security Cyber Assistance Program wherein commercial organizations can receive accreditation for cyber incident response services. This accreditation in Cyber Incident Response Assistance will validate that an organization has established processes, effective tools and knowledgeable people with the proper skill set and expertise to perform cyber incident response for national security systems. Visit http://www.nsa.gov/ia for more information or download best practices for keeping your home network secure at http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf.

Back to Top

Back to Top