The United States Computer Emergency Readiness Team (US-CERT) leads efforts to improve the nation's cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting the Constitutional rights of Americans.
US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.
US-CERT’s critical mission activities include:
- Providing cybersecurity protection to Federal civilian executive branch agencies through intrusion detection and prevention capabilities.
- Developing timely and actionable information for distribution to federal departments and agencies; state, local, tribal and territorial (SLTT) governments; critical infrastructure owners and operators; private industry; and international organizations.
- Responding to incidents and analyzing data about emerging cyber threats.
- Collaborating with foreign governments and international entities to enhance the nation’s cybersecurity posture.
In early 2000, Federal Government networks began to experience an alarming number of cyber breaches. In response, Congress created the Federal Computer Incident Response Center (FedCIRC) at the General Services Administration as a centralized hub of coordination and information sharing between federal organizations. With the creation of the Department of Homeland Security in 2002, Congress transferred these responsibilities to the new Department. In 2003, FedCIRC was renamed “US-CERT,” and its mission was expanded to include providing boundary protection for the federal civilian executive domain and cybersecurity leadership. This shared responsibility has evolved over time to make US-CERT a trusted partner and authoritative source in cyberspace for the Federal Government; SLTT governments; private industry; and international organizations.
Frequently Asked Questions
What is an “incident” exactly?
A computer security incident within the U.S. Federal Government is defined by US-CERT and the U.S. National Institute of Standards and Technology [http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf] as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
Do you have incident reporting guidelines available?
Yes, US-CERT’s Incident Notification Guidelines provide guidance for submitting notifications to US-CERT.
After US-CERT analyzes incident information, specialists publish reports, right? How can I subscribe to receive information directly to my inbox?
US-CERT shares timely, actionable information to the broadest extent possible.
Subscriptions are available to all users for:
- Weekly Vulnerability Bulletins, containing a summary of new vulnerabilities documented in the U.S. National Vulnerability Database (NVD) the week prior, as well as patch information when available.
- Technical Alerts, providing users with information about vulnerabilities, incidents, and trends that pose a significant risk, as well as mitigations to minimize loss of information and disruption of services.
- Current Activity entries, containing a concise description of an issue and associated actions that a user can take to diminish exposure.
- Tips, detailing issues with broad appeal to US-CERT’s constituents.
To receive one or more US-CERT products via email, visit our Mailing Lists and Feeds webpage.
US-CERT also co-sponsors the NVD—the U.S. Government’s repository of standards-based vulnerability management data.
How do I report a vulnerability?
Vulnerabilities can be reported to the CERT Coordination Center (CERT/CC) [https://vulcoord.cert.org/VulReport/]. CERT/CC is tasked by the U.S. Government to serve as a trusted third party in the vulnerability coordination and disclosure process.
Do they have a vulnerability disclosure policy?
Absolutely – it’s available publicly here: http://www.cert.org/vulnerability-analysis/vul-disclosure.cfm.
What other policies do US-CERT and partners have in place to guide information sharing efforts?
To ensure sensitive but unclassified information is shared responsibly, US-CERT routinely leverages the information sharing Traffic Light Protocol (TLP). TLP is not a classification tool but rather an intuitive schema to guide distribution according to relative risk.
Who are US-CERT’s partners?
US-CERT exchanges information across a global CSIRT community to improve the security of the Nation’s critical infrastructure and the systems and assets on which Americans depend. Partners with which US-CERT may share information include U.S. federal agencies, private sector organizations, the research community, SLTT governments, and international entities. US-CERT is a member of the Forum for Incident Response and Security Teams.
I work within the CSIRT community, and I’m interested in joining the US-CERT team. How do I find information about opportunities at US-CERT?
Current position openings can be found on the US-CERT Career Opportunities page. Anyone can apply! No previous experience is required.
Our RFC 2350 Description