The Cybersecurity and Infrastructure Security Agency (CISA) is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build a more secure and resilient infrastructure for the future.
CISA provides extensive cybersecurity and infrastructure security knowledge and practices to its stakeholders, shares that knowledge to enable better risk management, and puts it into practice to protect the Nation’s essential resources.
- Federal network protection
- Comprehensive cyber protection
- Infrastructure resilience and field operations
- Emergency communications
On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This landmark legislation elevated the mission of the former National Protection and Programs Directorate (NPPD) within the Department of Homeland Security (DHS) and established CISA, which includes the National Cybersecurity and Communications Integration Center (NCCIC).
Prior to the establishment of CISA, NCCIC realigned its organizational structure in 2017, integrating like functions previously performed independently by the U.S. Computer Emergency Readiness Team (US-CERT) and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Frequently Asked Questions
What is considered a computer security incident?
A computer security incident within the U.S. Federal Government is defined by CISA and the U.S. National Institute of Standards and Technology as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
Does CISA have incident reporting guidelines available?
Yes, CISA's Incident Notification Guidelines provide guidance for submitting notifications to CISA.
What types of informational products does CISA offer? How do I sign up to receive these products?
CISA shares timely, actionable information to the broadest extent possible. Subscriptions are available to all users for the following products:
- Current Activity entries provide up-to-date information about high-impact types of security activity affecting the community at large.
- Alerts provide timely information about current security issues, vulnerabilities, and exploits.
- Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
- Tips provide advice about common security issues for the general public.
- Analysis Reports provide in-depth analysis on a new or evolving cyber threat.
- Industrial Control Systems Alerts provide timely notification to critical infrastructure owners and operators concerning threats or activity with the potential to impact critical infrastructure computing networks.
- Industrial Control Systems Advisories provide timely information about current industrial control systems (ICS) security issues, vulnerabilities, and exploits.
CISA also co-sponsors the NVD—the U.S. Government’s repository of standards-based vulnerability management data.
How do I report a vulnerability?
- To report an Information Technology vulnerability, visit https://www.us-cert.gov/report.
- To report an ICS vulnerability, email NCCICCUSTOMERSERVICE@hq.dhs.gov or call 1-888-282-0870.
- Please encrypt emails that include sensitive information: To download the public key, visit https://ics-cert.us-cert.gov/sites/default/files/documents/ICS-CERT_PGP_Pub_Key.asc.
- Vulnerabilities can also be reported to the CERT Coordination Center (CERT/CC). CERT/CC is tasked by CISA to serve as a trusted third party in the vulnerability coordination and disclosure process. Report a vulnerability to CERT/CC at https://www.kb.cert.org/vuls/report. To view CERT/CC’s vulnerability disclosure policy, visit https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy.
What happens if I share my information with CISA?
As a global information exchange hub, CISA bears a significant responsibility to protect the information we receive and to ensure we safeguard privacy, business confidentiality, civil rights, and civil liberties. We take this responsibility extremely seriously, and we do everything in our power to earn our stakeholders’ trust by maintaining the confidentiality of sensitive information.
CISA routinely leverages the information sharing Traffic Light Protocol (TLP). TLP is not a classification tool but rather an intuitive schema to guide distribution according to relative risk.
CISA also serves as the Federal Government’s capability and process for receiving cyber threat indicators and defensive measures from non-federal entities under the Cybersecurity Information Sharing Act of 2015. Non-federal entities sharing cyber threat indicators and defensive measures with CISA in compliance with CISA’s requirements are eligible for multiple protections spelled out in the Cybersecurity Information Sharing Act of 2015. These include:
- Liability protection for sharing cyber threat indicators;
- Exemption from disclosure under state and federal disclosure laws, including the Freedom of Information Act (FOIA);
- Exemption from state and federal regulatory uses;
- No waiver of applicable privileges, such as the attorney-client privilege;
- Treatment as commercial, financial, or proprietary information when so designated by the submitter;
- Ex parte communications waiver; and
- Exemption from federal antitrust laws.
For more information, consult the Non-Federal Entity Sharing Guidance under the Cybersecurity Information Sharing Act of 2015, posted at https://www.us-cert.gov/ais.
In addition, entities can submit information for protection under the Critical Infrastructure Information Act of 2002. Once validated by DHS as Protected Critical Infrastructure Information (PCII), this information receives the following protections:
- Exemption from disclosure under state and federal disclosure laws, including the FOIA;
- Protection from use in regulatory actions; and
- Protection from use in civil litigation.
Only trained and certified federal, state, and local government employees or contractors may access PCII and only in accordance with strict safeguarding and handling requirements. In all instances, CISA prioritizes the security and privacy of information when sharing with its partners.
Who are CISA’s partners?
CISA exchanges information across the global cybersecurity and critical infrastructure community to improve the security of the Nation’s critical infrastructure and the systems and assets on which Americans depend. Partners with whom CISA may share anonymized information include U.S. federal agencies; private sector organizations; the research community; state, local, tribal, and territorial governments; and international entities.