Official website of the Department of Homeland Security

Getting Started for State, Local, Tribal, and Territorial (SLTT) Governments

The resources below are available to State, local, tribal, and territorial governments. These resources have been aligned to the five Cybersecurity Framework Function Areas. Some resources and programs align to more than one Function Area. This page will be updated as additional resources – from DHS, other Federal agencies, and the private sector – are identified.

Resources to Identify

Cyber Resilience Review (CRR)

The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices. For additional information please see http://www.us-cert.gov/ccubedvp/self-service-crr.

Continuous Diagnostics and Mitigation (CDM)

The CDM program is a dynamic approach to fortifying the cybersecurity of computer networks and systems. Through the CDM program, DHS works with partners across the entire Federal Civilian Executive Branch (FCEB) government to deploy and maintain an array of sensors for hardware asset management, software asset management and whitelisting, vulnerability management, and compliance setting management; to feed data about an agency’s cybersecurity flaws; and to present those risks in an automated and continuously updated dashboard. CDM, which will also be available for State and local entities as well as the Defense Industrial Base Sector, provides our stakeholders with the tools they need to protect their networks and enhances their ability to see and counteract day-to-day cyber threats. More information is available at: http://dhs.gov/cdm.

Cybersecurity Evaluation Tool (CSET) and On-Site Cybersecurity Consulting

Industrial control systems security posture assessments are offered through CSET, a self-assessment tool. Features include a mapping to control systems standards based on the sector as well as a network architecture mapping tool. The tool can be downloaded for self-use or organizations can request a facilitated site visit, which could include basic security assessments, network architectural review and verification, network scanning using custom tools to identify malicious activity and indicators of compromise, and penetration testing. More information is available at: http://ics-cert.us-cert.gov/assessments.

National Cyber Awareness System (NCAS)

The National Cybersecurity and Communications Integration Center (NCCIC) produces advisories, alert & situation reports, analysis reports, current activity updates, daily summaries, indicator bulletins, periodic newsletters, recommended practices, Weekly Analytic Synopsis Product (WASP), weekly digests, and year in review to alert partners of emerging cyber threats, vulnerabilities, and current activities. Certain products such as alerts, current activity, bulletins, and tips are released through US-CERT’s NCAS. More information on obtaining NCAS products is available at:

Industrial Control Systems Computer Emergency Readiness Team (ICS-CERT) Recommended Practices

A list of recommended practices aimed at helping industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, and mitigation strategies. ICS-CERT works with control systems manufacturers, service providers, researchers, and the end user community to ensure that the recommended practices are vetted by industry subject matter experts prior to publication. Recommended practices cover topics such as defense-in-depth strategies, cyber forensics, and incident response, and are updated on a routine basis to account for emerging issues and practices. Access to recommended practices is provided through: http://ics-cert.us-cert.gov/introduction-recommended-practices

U.S. Computer Emergency Readiness Team (US-CERT) and ICS-CERT Alerts, Bulletins, Tips, and Technical Documents

Access to alerts, bulletins, tips, and technical documents published by ICS-CERT and US-CERT. ICS-CERT also offers an extensive bibliography of relevant standards and references. Both sets of documents and references provide a better understanding of relevant control systems vulnerabilities and the measures critical infrastructure owners and operators can take to address them. More information on ICS-CERT alerts, bulletins, tips, and technical documents is available at: http://ics-cert.us-cert.gov.

Cyber Security Advisors (CSAs)

CSAs are regionally located DHS personnel who direct coordination, outreach, and regional support to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s critical infrastructure and SLTT governments. CSAs offer immediate and sustained assistance to prepare and protect SLTT and private entities. CSAs bolster the cybersecurity preparedness, risk mitigation, and incident response capabilities of these entities and bring them into closer coordination with the Federal Government. CSAs represent a front line approach and promote resilience of key cyber infrastructures throughout the U.S. and its territories. For more information about CSAs, please email cyberadvisor@hq.dhs.gov.

Protective Security Advisors (PSAs)

PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts. Regional Directors are Supervisory PSAs, responsible for the activities of eight or more PSAs and geospatial analysts, who ensure all Office of Infrastructure Protection critical infrastructure protection programs and services are delivered to Federal and SLTT stakeholders and private sector owners and operators. The PSA program focuses on physical site security and resiliency assessments, planning and engagement, incident management assistance, and vulnerability and consequence information sharing. For more information about PSAs, visit: http://dhs.gov/protective-security-advisors.


Resources to Protect

SLTT Cybersecurity Engagement Program

The Department’s Office of Cybersecurity and Communications (CS&C) Stakeholder Engagement & Cyber Infrastructure Resilience (SE/CIR) division established the SLTT Cybersecurity Engagement program to build partnerships with non-federal public stakeholders including governors, mayors, state Homeland Security Advisors (HSA), Chief Information Officers (CIO), and Chief Information Security Officers (CISO).

In order to advance the Department’s mission in protecting critical network systems and ensuring the use of the Internet as a resource to connect with American citizens, the SLTT Cybersecurity Engagement program fosters relationships that protect our Nation’s critical infrastructure.

The SLTT Cybersecurity Engagement Program can provide cybersecurity risk briefings and information on available resources to governors and other appointed and elected SLTT government officials. More importantly, the program can also assist these officials with identifying cybersecurity initiatives and partnership opportunities with federal agencies, as well as State and local associations, that will help protect their citizens online.

To learn more about available resources and programs for the SLTT government community, email slttcyber@hq.dhs.gov.

Multi-State Information Sharing & Analysis Center (MS-ISAC)

The MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the Nation's SLTT governments. The MS-ISAC 24x7 cybersecurity operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response. To learn more, visit: http://msisac.cisecurity.org.  

ICS-CERT Training

Training in industrial control systems security at the overview, intermediate, and advanced levels, including web-based and instructor-led formats. More information on ICS-CERT training opportunities is available at: http://ics-cert.us-cert.gov/training-available-through-ics-cert.

ICS-CERT Recommended Practices

A list of recommended practices aimed at helping industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, and mitigation strategies. ICS-CERT works with the control systems community to ensure that the recommended practices are vetted by industry subject matter experts before being published. Recommended practices cover topics such as defense-in-depth strategies, cyber forensics, and incident response, and are updated on a routine basis to account for emerging issues and practices. Access to recommended practices is provided through: http://ics-cert.us-cert.gov/introduction-recommended-practices

National Cyber Awareness System (NCAS)

The National Cybersecurity and Communications Integration Center (NCCIC) produces advisories, alert & situation reports, analysis reports, current activity updates, daily summaries, indicator bulletins, periodic newsletters, recommended practices, Weekly Analytic Synopsis Product (WASP), weekly digests, and year in review to alert partners of emerging cyber threats, vulnerabilities, and current activities. Certain products such as alerts, current activity, bulletins, and tips are released through US-CERT’s NCAS. More information on obtaining NCAS products is available at:

US-CERT and ICS-CERT Alerts, Bulletins, Tips, and Technical Documents

Access to alerts, bulletins, tips, and technical documents published by ICS-CERT and US-CERT. ICS-CERT also offers an extensive bibliography of relevant standards and references. Both sets of documents and references provide a better understanding of relevant control systems vulnerabilities and suggest measures critical infrastructure owners and operators can take to address them. More information on ICS-CERT and US-CERT alerts, bulletins, tips, and technical documents is available at: http://ics-cert.us-cert.gov and http://us-cert.gov.  

Cyber Security Advisors (CSAs)

CSAs are regionally located DHS personnel who direct coordination, outreach, and regional support to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s critical infrastructure and SLTT governments. CSAs offer immediate and sustained assistance to prepare and protect SLTT and private entities. CSAs bolster the cybersecurity preparedness, risk mitigation, and incident response capabilities of these entities and bring them into closer coordination with the Federal Government. CSAs represent a front line approach and promote resilience of key cyber infrastructures throughout the U.S. and its territories. For more information about CSAs, please email cyberadvisor@hq.dhs.gov.

Protective Security Advisors (PSAs)

PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts. Regional Directors are Supervisory PSAs, responsible for the activities of eight or more PSAs and geospatial analysts, who ensure all Office of Infrastructure Protection critical infrastructure protection programs and services are delivered to Federal and SLTT stakeholders and private sector owners and operators. The PSA program focuses on physical site security and resiliency assessments, planning and engagement, incident management assistance, and vulnerability and consequence information sharing. For more information about PSAs, visit: http://dhs.gov/protective-security-advisors.

Stop.Think.Connect.™ Campaign

Launched in 2010, the Stop.Think.Connect.™ Campaign was created to empower Americans to reduce cyber risk online by incorporating safe habits into their online routines. The Campaign was conceived by a coalition of private companies, non-profits, and government organizations, including DHS, through the Anti-Phishing Working Group Messaging Convention and the National Cyber Security Alliance (NCSA). For more information on how to get involved, visit http://dhs.gov/stopthinkconnect or email stopthinkconnect@dhs.gov.

National Initiative for Cybersecurity Education (NICE)

Various cybersecurity education and awareness initiatives fall under the umbrella of NICE. This includes the National Initiative for Cybersecurity Careers and Studies (NICCS) Portal, which provides a variety of resources for awareness, training, education, and career development for cybersecurity professionals and the general public. More information is available at: http://niccs.us-cert.gov/education/education-home.

National Initiative for Cybersecurity Careers and Studies (NICCS) Portal

The NICCS portal is the Nation’s one-stop-shop for cybersecurity careers and studies. It connects the public with information on cybersecurity awareness, degree programs, training, careers, and talent management. More information is available at: http://niccs.us-cert.gov.  

Cybersecurity Workforce Planning Diagnostic

The Cybersecurity Workforce Planning Diagnostic tool, which was developed by NICE, introduces a qualitative management aid to help organizations identify the data they need to gather to execute effective cybersecurity workforce planning. By considering implications of specific organizational characteristics around two factors – risk exposure (as a function of mission cybersecurity dependence aligned to compliance standards) and risk tolerance – organizations will gain insight into what types of data they need to better plan for and manage their cybersecurity workforce. To learn more, visit: http://niccs.us-cert.gov/careers/cybersecurity-workforce-planning-diagnostic.

National Cybersecurity Workforce Framework

The National Cybersecurity Workforce Framework classifies the typical duties and skill requirements of cybersecurity workers. The Framework is meant to define professional requirements in cybersecurity, much as other professions, such as medicine and law, have done.

The Framework organizes cybersecurity into seven high-level Categories, each composed of several Specialty Areas. Within each Category you'll find a list of Specialty Areas, and clicking on a Specialty Area will reveal the details about that Area. Each Specialty Area detail displays the standard tasks and the knowledge, skills, and abilities needed to successfully complete those tasks. To learn more about the Framework, visit http://niccs.us-cert.gov/training/tc/framework/overview

Network Security Deployment (NSD)

NSD strives to improve the cybersecurity of Federal Government departments, agencies, and partners, including State Governments, by delivering the technologies and services needed to fulfill the Department’s cybersecurity mission. NSD is responsible for designing, developing, acquiring, deploying, sustaining, and providing customer support for the National Cybersecurity Protection System (NCPS). NCPS satisfies aspects of the Department’s mission requirements under the Comprehensive National Cybersecurity Initiative by delivering intrusion detection, advanced analytics, information sharing, and intrusion prevention capabilities that diminish the potential impact of cyber threats. For more information, visit: http://dhs.gov/network-security-deployment.

Cybersecurity Service Offering Reference Aids

DHS’s National Protection and Programs Directorate (NPPD) has developed a list of freely available reports and resources pertinent to managing the acquisition of cybersecurity services. It is not intended to be exhaustive, but covers a wide range of cybersecurity services including cloud service providers, cyber incident response, cloud computing, software assurance, and industrial control systems. While most of the recommendations and reports below are vendor-agnostic, some identify specific service providers that have met certification criteria related to their service offerings. DHS does not endorse any particular service provider or offering. Access the reference aids here: Cybersecurity Service Offering Reference Aids.


Resources to Detect

Continuous Diagnostics and Mitigation (CDM)

The CDM program is a dynamic approach to fortifying the cybersecurity of computer networks and systems. As the department responsible for securing unclassified SLTT civilian government networks—the “dot-gov” domain—DHS coordinates the national response to significant cyber incidents and maintains a common operational picture for cyberspace across the government. Part of that responsibility includes network intrusion detection and prevention technology under a program known as Einstein. When both programs are implemented, they will provide complementary protections across the dot-gov domain, further protecting the government’s infrastructure and the Nation’s data.

The CDM program provides capabilities and tools that enable network administrators to know the state of their respective networks at any given time, understand the relative risks and threats, and help system personnel to identify and mitigate flaws at near-network speed. CDM program resources will also be mapped to the Framework. This will occur as the C³ Voluntary Program develops additional resources over time to support Framework use by the SLTT governments. More information is available at: http://dhs.gov/cdm.

Multi-State Information Sharing and Analysis Center (MS-ISAC)

MS-ISAC has several services available to SLTT members. Managed Security Services (MSS) consists of the monitoring of two security devices. Netflow Monitoring and Analysis (Albert) is an automated process of collecting, correlating, and analyzing computer network security information across State Governments. The seven key Netflow fields are: source IP address, destination IP address, source port number, destination port number, protocol type, flags, and the router input interface. More information can be found at: http://msisac.cisecurity.org/about/services.

Network Security Deployment (NSD)

NSD strives to improve the cybersecurity of Federal Government departments, agencies, and partners, including State Governments, by delivering the technologies and services needed to fulfill the Department’s cybersecurity mission. NSD is responsible for designing, developing, acquiring, deploying, sustaining, and providing customer support for the National Cybersecurity Protection System (NCPS). NCPS satisfies aspects of the Department’s mission requirements under the Comprehensive National Cybersecurity Initiative by delivering intrusion detection, advanced analytics, information sharing, and intrusion prevention capabilities that diminish the potential impact of cyber threats. For more information, visit: http://dhs.gov/network-security-deployment.


Resources to Respond

Multi-State Information Sharing and Analysis Center (MS-ISAC)

The MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the Nation's SLTT governments. The MS-ISAC 24x7 cybersecurity operations center provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response. SLTT government representatives who believe they are experiencing a cybersecurity event can report it to: http://msisac.cisecurity.org/about/incidents.  

Cyber Information Sharing and Collaboration Program (CISCP)

A no-cost information sharing partnership between enterprises and DHS, CISCP creates shared situational awareness across critical infrastructure communities, enhances cybersecurity collaboration between DHS and critical infrastructure owners and operators, and leverages government and industry subject matter expertise to collaboratively respond to cybersecurity incidents. For more information about CISCP, please email ciscp_coordination@hq.dhs.gov.

Cyber Security Advisors (CSAs)

CSAs are regionally located DHS personnel who direct coordination, outreach, and regional support to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s critical infrastructure and SLTT governments. CSAs offer immediate and sustained assistance to prepare and protect SLTT and private entities. CSAs bolster the cybersecurity preparedness, risk mitigation, and incident response capabilities of these entities and bring them into closer coordination with the Federal government. CSAs represent a front line approach and promote resilience of key cyber infrastructures throughout the U.S. and its territories. For more information about CSAs, please email cyberadvisor@hq.dhs.gov.

Protective Security Advisors (PSAs)

PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts. Regional Directors are Supervisory PSAs, responsible for the activities of eight or more PSAs and geospatial analysts, who ensure all Office of Infrastructure Protection critical infrastructure protection programs and services are delivered to Federal and SLTT stakeholders and private sector owners and operators. The PSA program focuses on physical site security and resiliency assessments, planning and engagement, incident management assistance, and vulnerability and consequence information sharing. For more information about PSAs, visit: http://dhs.gov/protective-security-advisors.

Cyber Incident Response and Analysis

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) offers incident response services to critical infrastructure asset owners that are experiencing impacts from cyber attacks. Services include digital media and malware analysis, identification of the source of an incident, analyzing the extent of the compromise, and developing strategies for recovery and improving defenses. Incident response teams also provide concepts for improving intrusion detection capabilities and ways to eliminate vulnerabilities and minimize losses from a cyber attack. For more information or to request response services, email: ics-cert@hq.dhs.gov.

Cybersecurity Service Offering Reference Aids

DHS’s National Protection and Programs Directorate (NPPD) has developed a list of freely available reports and resources pertinent to managing the acquisition of cybersecurity services. It is not intended to be exhaustive, but covers a wide range of cybersecurity services including cloud service providers, cyber incident response, cloud computing, software assurance, and industrial control systems. While most of the recommendations and reports below are vendor-agnostic, some identify specific service providers that have met certification criteria related to their service offerings. DHS does not endorse any particular service provider or offering. Access the reference aids here: Cybersecurity Service Offering Reference Aids.
