TLP:WHITE

Resources for Business

The resources below are available to businesses and aligned to the five Cybersecurity Framework Function Areas. Some resources and programs align to more than one Function Area. This page will be updated as additional resources from DHS, other Federal agencies, and the private sector are identified.

On This Page:
Identify
Protect
Detect
Respond
Recover

Resources to Identify

Cyber Resilience Review (CRR)

The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise practices and procedures across ten domains, including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience and to provide a gap analysis for improvement based on recognized best practices. For additional information, please see http://us-cert.gov/ccubedvp/self-service-crr.

Cybersecurity Evaluation Tool (CSET) and On-Site Cybersecurity Consulting

CSET is a self-assessment tool for evaluating the security posture of industrial control systems. Features include a mapping to control systems standards based on the sector as well as a network architecture mapping tool. The tool can be downloaded for self-use, or organizations can request a facilitated site visit, which could include basic security assessments, network architectural review and verification, network scanning using custom tools to identify malicious activity and indicators of compromise, and penetration testing. More information is available at: http://ics-cert.us-cert.gov/assessments.

Industrial Control Systems Computer Emergency Readiness Team (ICS-CERT) Recommended Practices

A list of recommended practices aimed at helping industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, and mitigation strategies. ICS-CERT works with control systems manufacturers, service providers, researchers, and end users to ensure that the recommended practices are vetted by industry subject matter experts prior to publication. Recommended practices cover topics such as defense-in-depth strategies, cyber forensics, and incident response and are updated on a routine basis to account for emerging issues and practices. Access to recommended practices is provided through: http://ics-cert.us-cert.gov/introduction-recommended-practices.

National Cyber Awareness System (NCAS)

The National Cybersecurity and Communications Integration Center (NCCIC) produces advisories, alert and situation reports, analysis reports, current activity updates, daily summaries, indicator bulletins, periodic newsletters, recommended practices, the Weekly Analytic Synopsis Product (WASP), weekly digests, and year-in-review reports to alert partners to emerging cyber threats, vulnerabilities, and current activities. Certain products, such as alerts, current activity, bulletins, and tips, are released through US-CERT’s NCAS. More information on obtaining NCAS products is available at:

U.S. Computer Emergency Readiness Team (US-CERT) and ICS-CERT Alerts, Bulletins, Tips, and Technical Documents

Access to alerts, bulletins, tips, and technical documents published by ICS-CERT and US-CERT. ICS-CERT also offers an extensive bibliography of relevant standards and references. Both sets of documents and references provide a better understanding of relevant control systems vulnerabilities and the measures critical infrastructure owners and operators can take to address them. More information on ICS-CERT and US-CERT alerts, bulletins, tips, and technical documents is available at: http://ics-cert.us-cert.gov and http://us-cert.gov.

Cyber Security Advisors (CSAs)

CSAs are regionally located DHS personnel who direct coordination, outreach, and regional support to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s critical infrastructure and State, local, territorial, and tribal (SLTT) governments. CSAs offer immediate and sustained assistance to prepare and protect SLTT and private entities. CSAs bolster the cybersecurity preparedness, risk mitigation, and incident response capabilities of these entities and bring them into closer coordination with the Federal Government. CSAs represent a front line approach and promote resilience of key cyber infrastructures throughout the U.S. and its territories. For more information about CSAs, please email cyberadvisor@hq.dhs.gov.

Protective Security Advisors (PSAs)

PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts. Regional Directors are Supervisory PSAs, responsible for the activities of eight or more PSAs and geospatial analysts, who ensure all Office of Infrastructure Protection critical infrastructure protection programs and services are delivered to Federal and SLTT stakeholders and private sector owners and operators. The PSA program focuses on physical site security and resiliency assessments, planning and engagement, incident management assistance, and vulnerability and consequence information sharing. For more information about PSAs, visit: http://dhs.gov/protective-security-advisors.

Federal Emergency Management Agency (FEMA) Emergency Planning Exercises

The FEMA Private Sector Division, Office of External Affairs, introduced a series of tabletop exercises in 2010 as a tool to help private sector organizations advance their continuity, preparedness, and resiliency. Tabletop exercises are designed to help an organization test a hypothetical situation, such as a natural or man-made disaster, evaluate the group’s ability to cooperate and work together, and test its readiness to respond. To access the exercises, visit: http://www.fema.gov/emergency-planning-exercises.

An Intel Use Case for the Cybersecurity Framework in Action

Intel completed a pilot project to test the use of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (the Framework) at their corporation. The results of Intel’s Framework use include reusable tools and best practices; harmonized risk management methods, technologies, and language across the corporation and its supply chain; informed discussions about risk tolerance; more focused risk reduction activities; and improved visibility of the risk landscape.
The use case can be found here: http://www.intel.com/content/www/us/en/government/cybersecurity-framework-in-action-use-case-brief.html.

CyberChain Portal-Based Assessment Tool

This portal, managed by the University of Maryland Robert H. Smith School of Business Supply Chain Management Center, provides risk assessment tools, scenario-based mapping tools, anonymous information sharing, and assessments to calculate factors such as vulnerability and risk maturity capability. Tools also enable diagnosis of IT supply chain trouble spots and areas for improvement based on NIST guidelines. Learn more at https://cyberchain.rhsmith.umd.edu/.

Domain Name Services (DNS) Risk Assessment

This report describes how specific existing and emerging threats, technologies, and standards affect the risk profiles of the Information Technology (IT) Sector’s DNS and Internet routing critical functions. The results of this assessment can inform organizations utilizing the Cybersecurity Framework to assess their own risks, including the Identify – Business Environment and Identify – Risk Assessment Categories of the Framework. The report was developed by experts from industry and government under the sponsorship of the IT Sector Coordinating Council (SCC) and IT Government Coordinating Council (GCC), with the DHS Office of Cybersecurity and Communications (CS&C) serving as the Sector-Specific Agency (SSA).

Cloud Controls Matrix

The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) is designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives a detailed understanding of security concepts and principles aligned to tools including the NIST Cybersecurity Framework. The CSA CCM strengthens existing information security control environments by emphasizing business information security control requirements, identifies and reduces consistent security threats and vulnerabilities in the cloud, provides standardized security and operational risk management, and seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud. Learn more at https://cloudsecurityalliance.org/research/ccm/.


Resources to Protect

ICS-CERT Training

Training in industrial control systems security at the overview, intermediate, and advanced levels, including web-based and instructor-led formats. More information on ICS-CERT training opportunities is available at: http://ics-cert.us-cert.gov/training-available-through-ics-cert.

ICS-CERT Recommended Practices

A list of recommended practices aimed at helping industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, and mitigation strategies. ICS-CERT works with control systems manufacturers, service providers, researchers, and the end user community to ensure that the recommended practices are vetted by industry subject matter experts prior to publication. Recommended practices cover topics such as defense-in-depth strategies, cyber forensics, and incident response, and are updated on a routine basis to account for emerging issues and practices. Access to recommended practices is provided through: http://ics-cert.us-cert.gov/introduction-recommended-practices.

National Cyber Awareness System (NCAS)

The National Cybersecurity and Communications Integration Center (NCCIC) produces advisories, alert and situation reports, analysis reports, current activity updates, daily summaries, indicator bulletins, periodic newsletters, recommended practices, the Weekly Analytic Synopsis Product (WASP), weekly digests, and year-in-review reports to alert partners to emerging cyber threats, vulnerabilities, and current activities. Certain products, such as alerts, current activity, bulletins, and tips, are released through US-CERT’s NCAS. More information on obtaining NCAS products is available at:

US-CERT and ICS-CERT Alerts, Bulletins, Tips, and Technical Documents

Access to alerts, bulletins, tips, and technical documents published by ICS-CERT and US-CERT. ICS-CERT also offers an extensive bibliography of relevant standards and references. Both sets of documents and references provide a better understanding of relevant control systems vulnerabilities and suggest measures critical infrastructure owners and operators can take to address them. More information on ICS-CERT and US-CERT alerts, bulletins, tips, and technical documents is available at: http://ics-cert.us-cert.gov and http://us-cert.gov.

Cyber Security Advisors (CSAs)

CSAs are regionally located DHS personnel who direct coordination, outreach, and regional support to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s critical infrastructure and SLTT governments. CSAs offer immediate and sustained assistance to prepare and protect SLTT and private entities. CSAs bolster the cybersecurity preparedness, risk mitigation, and incident response capabilities of these entities and bring them into closer coordination with the Federal Government. CSAs represent a front line approach and promote resilience of key cyber infrastructures throughout the U.S. and its territories. For more information about CSAs, please email cyberadvisor@hq.dhs.gov.

Protective Security Advisors (PSAs)

PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts. Regional Directors are Supervisory PSAs, responsible for the activities of eight or more PSAs and geospatial analysts, who ensure all Office of Infrastructure Protection critical infrastructure protection programs and services are delivered to Federal and SLTT stakeholders and private sector owners and operators. The PSA program focuses on physical site security and resiliency assessments, planning and engagement, incident management assistance, and vulnerability and consequence information sharing. For more information about PSAs, visit: http://dhs.gov/protective-security-advisors.

Cyber Information Sharing and Collaboration Program (CISCP)

A no-cost information sharing partnership between enterprises and DHS, CISCP creates shared situational awareness across critical infrastructure communities, enhances cybersecurity collaboration between DHS and critical infrastructure owners and operators, and leverages government and industry subject matter expertise to collaboratively respond to cybersecurity incidents. For more information about CISCP, please email ciscp_coordination@hq.dhs.gov and download an overview of CISCP.

Enhanced Cybersecurity Services (ECS)

The Department of Homeland Security’s (DHS) Enhanced Cybersecurity Services (ECS) program is an intrusion prevention capability that helps U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration. ECS works by sharing sensitive and classified cyber threat information with accredited Commercial Service Providers (CSPs). These CSPs in turn use that information to block certain types of malicious traffic from entering customer networks. ECS is meant to augment, but not replace, existing cybersecurity capabilities. All U.S.-based public and private organizations are eligible to enroll in ECS. Please contact the ECS CSPs for enrollment information:

General ECS information is available at: http://dhs.gov/enhanced-cybersecurity-services.

Stop.Think.Connect.™ Campaign

Launched in 2010, the Stop.Think.Connect.™ Campaign was created to empower Americans to reduce cyber risk online by incorporating safe habits into their online routines. The Campaign was conceived by a coalition of private companies, non-profits, and government organizations, including DHS, through the Anti-Phishing Working Group Messaging Convention and the National Cyber Security Alliance (NCSA). For more information on how to get involved, visit http://dhs.gov/stopthinkconnect or email stopthinkconnect@dhs.gov.

National Initiative for Cybersecurity Education (NICE)

NICE comprises various cybersecurity education and awareness initiatives, including the National Initiative for Cybersecurity Careers & Studies (NICCS) website, the premier online resource for cybersecurity training. NICCS connects Government employees, students, educators, and industry with cybersecurity training providers throughout the Nation. To learn more, please visit: https://niccs.us-cert.gov/formal-education.

National Initiative for Cybersecurity Careers and Studies (NICCS) Website

The National Initiative for Cybersecurity Careers and Studies (NICCS) is the premier online resource for cybersecurity training. NICCS connects Government employees, students, educators, and industry with cybersecurity training providers throughout the Nation. To learn more, please visit: https://niccs.us-cert.gov.

The National Cybersecurity Workforce Framework

The National Cybersecurity Workforce Framework is a blueprint for categorizing and describing cybersecurity work into specialty areas, tasks, and knowledge, skills, and abilities (KSAs). The National Cybersecurity Workforce Framework provides a common language for defining and performing cybersecurity work that can be used by training providers, employers, educators, employees, and students. Each Specialty Area detail displays the standard tasks and the knowledge, skills, and abilities needed to successfully complete those tasks. To learn more, please visit: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework.

National Security Agency (NSA) / Information Assurance Directorate (IAD) National Security Cyber Assistance Program

The NSA/IAD has established a National Security Cyber Assistance Program wherein commercial organizations can receive accreditation for cyber incident response services. This accreditation in Cyber Incident Response Assistance will validate that an organization has established processes, effective tools and knowledgeable people with the proper skill set and expertise to perform cyber incident response for national security systems. Visit http://www.nsa.gov/ia for more information or download best practices for keeping your home network secure at http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf.

Federal Communications Commission (FCC) Cybersecurity for Small Business

In October 2012, the FCC re-launched Small Biz Cyber Planner 2.0, an online resource to help small businesses create customized cybersecurity plans. Companies can use this tool to create and save a custom cybersecurity plan, choosing from a menu of expert advice to address specific business needs and concerns. The FCC also released an updated Cybersecurity Tip Sheet, a quick resource featuring new tips on creating a mobile device action plan and on payment and credit card security. For more information and to access these resources, visit http://www.fcc.gov/cyberforsmallbiz.

Cybersecurity Service Offering Reference Aids

DHS’s National Protection and Programs Directorate (NPPD) has developed a list of freely available reports and resources pertinent to managing the acquisition of cybersecurity services. It is not intended to be exhaustive, but covers a wide range of cybersecurity services, including cloud service providers, cyber incident response, cloud computing, software assurance, and industrial control systems. While most of the recommendations and reports are vendor-agnostic, some identify specific service providers that have met certification criteria related to their service offerings. DHS does not endorse any particular service provider or offering. Access the reference aids here: Cybersecurity Service Offering Reference Aids.

Federal Emergency Management Agency (FEMA) Emergency Planning Exercises

The FEMA Private Sector Division, Office of External Affairs, introduced a series of tabletop exercises in 2010 as a tool to help private sector organizations advance their continuity, preparedness, and resiliency. Tabletop exercises are designed to help an organization test a hypothetical situation, such as a natural or man-made disaster, evaluate the group’s ability to cooperate and work together, and test its readiness to respond. To access the exercises, visit: http://www.fema.gov/emergency-planning-exercises.

Process Control System Security Guidance for the Water Sector

The American Water Works Association developed this guidance to provide water sector utility owners and operators with a consistent and repeatable recommended course of action to reduce vulnerabilities to cyber-attacks as recommended in ANSI/AWWA G430: Security Practices for Operations and Management and Executive Order 13636. The AWWA Guidance and Tool represents a voluntary, sector-specific approach for adopting the NIST Cybersecurity Framework as expressed by the Water Sector Coordinating Council. Download the guide at http://www.awwa.org/Portals/0/files/legreg/documents/AWWACybersecurityguide.pdf.

Cybersecurity 101: A Resource Guide for Bank Executives

The Conference of State Bank Supervisors (CSBS) published Cybersecurity 101: A Resource Guide for Bank Executives, a non-technical resource on cybersecurity that community bank CEOs, senior executives, and board members can use to help mitigate cybersecurity threats at their banks. The guide puts into one place industry-recognized standards and best practices for cybersecurity currently used within the financial services industry. Learn more and download the guide at http://www.csbs.org/news/press-releases/pr2014/Pages/pr-121714.aspx.

Small Firms Cybersecurity Guidance: How Small Firms Can Better Protect Their Business

The Securities Industry and Financial Markets Association (SIFMA) has developed this Small Firms Cybersecurity Guidance to provide information to small firms to increase their security and ensure the protection of their customers. The guide builds upon the NIST Cybersecurity Framework.  Firms can apply the best practices in this guide in a risk-based, threat-informed approach based on the resources available and in support of their firm’s overall business model. Learn more and download the guide at http://www.sifma.org/issues/operations-and-technology/cybersecurity/guidance-for-small-firms/.

NIST Cybersecurity Framework Explained

In this video, Rapid7 discusses and gives a brief overview of the NIST Cybersecurity Framework. Watch the video at http://www.rapid7.com/resources/videos/nist-cybersecurity-framework-explained.jsp.

Start with Security: A Guide for Business

This guide from the Federal Trade Commission (FTC) offers ten practical lessons businesses can learn from the FTC's 50+ data security settlements. Lessons include suggestions like “Start with security,” “Control access to data sensibly,” and “Require secure passwords,” each complete with detailed tips and explanations. The guide also links to online tutorials to help train employees, as well as publications to address particular data security challenges. To download the guide or order free copies, please visit https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business.


Resources to Detect

Cyber Information Sharing and Collaboration Program (CISCP)

A no-cost information sharing partnership between enterprises and DHS, CISCP creates shared situational awareness across critical infrastructure communities, enhances cybersecurity collaboration between DHS and critical infrastructure owners and operators, and leverages government and industry subject matter expertise to collaboratively respond to cybersecurity incidents. For more information about CISCP, please email ciscp_coordination@hq.dhs.gov and download an overview of CISCP.

Enhanced Cybersecurity Services (ECS)

The Department of Homeland Security’s (DHS) Enhanced Cybersecurity Services (ECS) program is an intrusion prevention capability that helps U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration. ECS works by sharing sensitive and classified cyber threat information with accredited Commercial Service Providers (CSPs). These CSPs in turn use that information to block certain types of malicious traffic from entering customer networks. ECS is meant to augment, but not replace, existing cybersecurity capabilities. All U.S.-based public and private organizations are eligible to enroll in ECS. Please contact the ECS CSPs for enrollment information:

General ECS information is available at: http://dhs.gov/enhanced-cybersecurity-services.

Federal Emergency Management Agency (FEMA) Emergency Planning Exercises

The FEMA Private Sector Division, Office of External Affairs, introduced a series of tabletop exercises in 2010 as a tool to help private sector organizations advance their continuity, preparedness, and resiliency. Tabletop exercises are designed to help an organization test a hypothetical situation, such as a natural or man-made disaster, evaluate the group’s ability to cooperate and work together, and test its readiness to respond. To access the exercises, visit: http://www.fema.gov/emergency-planning-exercises.


Resources to Respond

Cyber Information Sharing and Collaboration Program (CISCP)

A no-cost information sharing partnership between enterprises and DHS, CISCP creates shared situational awareness across critical infrastructure communities, enhances cybersecurity collaboration between DHS and critical infrastructure owners and operators, and leverages government and industry subject matter expertise to collaboratively respond to cybersecurity incidents. For more information about CISCP, please email ciscp_coordination@hq.dhs.gov and download an overview of CISCP.

Cyber Security Advisors (CSAs)

CSAs are regionally located DHS personnel who direct coordination, outreach, and regional support to protect cyber components essential to the sustainability, preparedness, and protection of the Nation’s critical infrastructure and SLTT governments. CSAs offer immediate and sustained assistance to prepare and protect SLTT and private entities. CSAs bolster the cybersecurity preparedness, risk mitigation, and incident response capabilities of these entities and bring them into closer coordination with the Federal Government. CSAs represent a front line approach and promote resilience of key cyber infrastructures throughout the U.S. and its territories. For more information about CSAs, please email cyberadvisor@hq.dhs.gov.

Protective Security Advisors (PSAs)

PSAs are trained critical infrastructure protection and vulnerability mitigation subject matter experts. Regional Directors are Supervisory PSAs, responsible for the activities of eight or more PSAs and geospatial analysts, who ensure all Office of Infrastructure Protection critical infrastructure protection programs and services are delivered to Federal and SLTT stakeholders and private sector owners and operators. The PSA program focuses on physical site security and resiliency assessments, planning and engagement, incident management assistance, and vulnerability and consequence information sharing. For more information about PSAs, visit: http://dhs.gov/protective-security-advisors.

Enhanced Cybersecurity Services (ECS)

The Department of Homeland Security’s (DHS) Enhanced Cybersecurity Services (ECS) program is an intrusion prevention capability that helps U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration. ECS works by sharing sensitive and classified cyber threat information with accredited Commercial Service Providers (CSPs). These CSPs in turn use that information to block certain types of malicious traffic from entering customer networks. ECS is meant to augment, but not replace, existing cybersecurity capabilities. All U.S.-based public and private organizations are eligible to enroll in ECS. Please contact the ECS CSPs for enrollment information:

General ECS information is available at: http://dhs.gov/enhanced-cybersecurity-services.

Cyber Incident Response and Analysis

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) offers incident response services to critical infrastructure asset owners that are experiencing impacts from cyber attacks. Services include digital media and malware analysis, identification of the source of an incident, analysis of the extent of the compromise, and development of strategies for recovery and for improving defenses. Incident response teams also provide concepts for improving intrusion detection capabilities and ways to eliminate vulnerabilities and minimize losses from a cyber attack. For more information or to request response services, email: ics-cert@hq.dhs.gov.

National Security Agency (NSA) / Information Assurance Directorate (IAD) National Security Cyber Assistance Program

The NSA/IAD has established a National Security Cyber Assistance Program wherein commercial organizations can receive accreditation for cyber incident response services. This accreditation in Cyber Incident Response Assistance will validate that an organization has established processes, effective tools and knowledgeable people with the proper skill set and expertise to perform cyber incident response for national security systems. Visit http://www.nsa.gov/ia for more information or download best practices for keeping your home network secure at http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf.

Federal Communications Commission (FCC) Cybersecurity for Small Business

In October 2012, the FCC re-launched Small Biz Cyber Planner 2.0, an online resource to help small businesses create customized cybersecurity plans. Companies can use this tool to create and save a custom cybersecurity plan, choosing from a menu of expert advice to address specific business needs and concerns. The FCC also released an updated Cybersecurity Tip Sheet, a quick resource featuring new tips on creating a mobile device action plan and on payment and credit card security. For more information and to access these resources, visit http://www.fcc.gov/cyberforsmallbiz.

Cybersecurity Service Offering Reference Aids

DHS’s National Protection and Programs Directorate (NPPD) has developed a list of freely available reports and resources pertinent to managing the acquisition of cybersecurity services. It is not intended to be exhaustive, but covers a wide range of cybersecurity services, including cloud service providers, cyber incident response, cloud computing, software assurance, and industrial control systems. While most of the recommendations and reports are vendor-agnostic, some identify specific service providers that have met certification criteria related to their service offerings. DHS does not endorse any particular service provider or offering. Access the reference aids here: Cybersecurity Service Offering Reference Aids.

Federal Emergency Management Agency (FEMA) Emergency Planning Exercises

The FEMA Private Sector Division, Office of External Affairs, introduced a series of tabletop exercises in 2010 as a tool to help private sector organizations advance their continuity, preparedness, and resiliency. Tabletop exercises are designed to help an organization test a hypothetical situation, such as a natural or man-made disaster, evaluate the group’s ability to cooperate and work together, and test its readiness to respond. To access the exercises, visit: http://www.fema.gov/emergency-planning-exercises.


Resources to Recover

Federal Emergency Management Agency (FEMA) Emergency Planning Exercises

The FEMA Private Sector Division, Office of External Affairs, introduced a series of tabletop exercises in 2010 as a tool to help private sector organizations advance their continuity, preparedness, and resiliency. Tabletop exercises are designed to help an organization test a hypothetical situation, such as a natural or man-made disaster, evaluate the group’s ability to cooperate and work together, and test its readiness to respond. To access the exercises, visit: http://www.fema.gov/emergency-planning-exercises.
