- CERT Coordination Center
- DHS Cyber Resources
- Forum of Incident Response and Security Teams (FIRST)
- Homeland Open Security Technology (HOST)
- International Telecommunications Union, Cybersecurity Gateway
- National Council of ISACs
- National Cybersecurity and Communications Integration Center (NCICC)
- Organization of American States, Cyber Security Program
- Organization of Economic Cooperation and Development, Working Party on Information Security and Privacy
- Stop Think Connect™ (Department of Homeland Security)
- Stop Think Connect™ (National Cyber Security Alliance)
- National Vulnerability Database (NVD)
Search U.S. government vulnerability resources for information about vulnerabilities on your systems.
- Common Vulnerabilities and Exposures List (CVE)
Search vulnerabilities by CVE name or browse the US-CERT list of vulnerabilities for specific CVEs.
- Open Vulnerability Assessment Language (OVAL)
Identify vulnerabilities on your local systems using OVAL vulnerability definitions.
- National Infrastructure Advisory Council's Vulnerability Disclosure Framework
Tools and Techniques
- Build Security In
Collection of software assurance and security information to help software developers, architects, and security practitioners create secure systems
- Information Sharing Specifications
TAXII, STIX, and CybOX are technical specifications designed to enable automated information sharing for cybersecurity situational awareness, real-time network defense and sophisticated threat analysis.
- National Institute of Standards and Technology (NIST)
NIST offers Security Practices as well as Special Publications.
- Center for Education and Research in Information Assurance and Security (CERIAS)
- Operationally Critical Threat and Vulnerability Evaluation (OCTAVE)
Research and Guidelines
- Build Security In
- DHS Cyber Security R&D Center
- National Institute of Standards and Technology Special Publications
- Software Assurance: Community Resources and Information Clearinghouse
- Federal Cyber Service: Scholarship for Service Program (SFS)
The SFS program seeks to increase the number of skilled students entering the fields of information assurance and computer security.
- National Centers of Academic Excellence in Information Assurance Education
The Centers of Academic Excellence program strengthens higher education in information assurance programs to meet America's growing requirements for cybersecurity professionals.
Security at Home
- OnGuard Online
Provides practical tips from the Federal Government and technology industry to help consumers guard against Internet fraud, secure their computers, and protect personal information.
- Stay Safe Online
Sponsored by the National Cyber Security Alliance (NCSA) to promote safe behavior online
- The NetSmartz Workshop
Educational resource material for children and teens
- Stop Think Connect™
A national public awareness campaign aimed at increasing the understanding of cyberthreats and empowering the American public to be safer and more secure online.
Information Sharing and Analysis Centers (ISACs)
Information Sharing and Analysis Centers (ISACs) were established to allow critical sectors to share information and work together in an effort to protect our critical infrastructures and minimize vulnerabilities.
- Real Estate
Real Estate ISAC
- Research and Education
Research and Education Networking ISAC
National Coordinating Center for Telecommunications (NCC)
Surface Transportation ISAC
Policy and Government
- US-CERT Year In Review CY 2012
- US-CERT 2012 Trends In Retrospect
- Bottom-Up Review Report
- Comprehensive National Cybersecurity Initiative
- E-Government Act of 2002 including Title III - The Federal Information Security Management (FISMA) Act
The purpose of this Act is to enhance the management and promotion of electronic government services and processes. Title III of this act is the Federal Information Security Management Act of 2002. The E-Government Act permanently supersedes the Homeland Security Act in those instances where both Acts prescribe different amendments to the same provisions of the United States Code.
- IT Sector Baseline Risk Assessment
The ITSRA identifies and prioritizes national-level risks to critical functions delivered and maintained by the IT Sector and relied on by all critical infrastructure sectors. It validates the resiliency of key elements of the IT Sector's infrastructure and highlights strategies to address risks to enhance the resiliency and security of the IT Sector.
- National Infrastructure Protection Plan
- National Strategy to Secure Cyberspace
This document outlines an initial framework for both organizing and prioritizing efforts to protect against disruptions to our critical information systems and reduce vulnerabilities to cyberthreats. The Department of Homeland Security's National Cyber Security Division (NCSD) has been charged with coordinating the implementation of the strategy.
- Office of Management and Budget Guidance on FISMA
The subject of this memorandum is Reporting Instructions for the Federal Information Security Management Act and Updated Guidance on Quarterly IT Security Reporting.
- Presidential Homeland Security Issues
This web page describes the Presidential guiding principles for securing the United States from 21st-century threats.
- Quadrennial Homeland Security Review