
Cybersecurity and Infrastructure Security Agency (CISA)

A federal agency responsible for improving cybersecurity across government and critical infrastructure sectors, coordinating national cyber defense, and providing guidance on emerging security threats.

What is the Cybersecurity and Infrastructure Security Agency (CISA)?

The Cybersecurity and Infrastructure Security Agency (CISA) is the United States federal agency charged with leading the national effort to understand, manage, and reduce risk to cyber and physical infrastructure. Established in 2018 as an operational component of the Department of Homeland Security (DHS), CISA serves as the national coordinator for critical infrastructure security and resilience, working across the public and private sectors to protect against today's threats and to build more secure and resilient infrastructure for the future.

In that coordinating role, CISA works with federal, state, local, and private-sector partners to defend against cyber threats. The agency provides cybersecurity tools, incident response services, and assessment capabilities to safeguard federal civilian networks and critical infrastructure organizations.

CISA's Core Responsibilities

Cybersecurity

  • Federal Network Protection: Securing federal civilian executive branch networks
  • Vulnerability Management: Identifying, analyzing, and mitigating vulnerabilities in software and systems
  • Threat Intelligence: Collecting, analyzing, and sharing cyber threat information
  • Incident Response: Coordinating the response to significant cyber incidents
  • Technical Assistance: Providing cybersecurity assessments, tools, and services

Infrastructure Security

  • Critical Infrastructure Resilience: Enhancing the security and resilience of U.S. critical infrastructure
  • Physical Security: Providing assessments and training to protect physical assets
  • Emergency Communications: Ensuring reliable, interoperable emergency communications
  • Risk Management: Helping organizations understand and address risks

National Risk Management

  • National Risk Assessment: Identifying and evaluating risks to critical infrastructure
  • Cross-Sector Coordination: Facilitating information sharing between infrastructure sectors
  • Strategic Planning: Developing plans to address evolving threats and vulnerabilities

Key CISA Programs and Initiatives

Known Exploited Vulnerabilities (KEV) Catalog

A continuously updated catalog of vulnerabilities for which CISA has reliable evidence of active exploitation. Under BOD 22-01, federal civilian executive branch (FCEB) agencies must remediate each listed CVE by the due date attached to its entry; many private-sector organizations use the same list to prioritize patching. The catalog is published as a web page, a CSV file, and a JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json). An entry in the JSON feed looks like this (illustrative excerpt; the Log4Shell entry was added on 2021-12-10 with a 2021-12-24 due date):

{
  "catalogVersion": "2023.12.15",
  "vulnerabilities": [
    {
      "cveID": "CVE-2021-44228",
      "vendorProject": "Apache",
      "product": "Log4j2",
      "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
      "dateAdded": "2021-12-10",
      "shortDescription": "Remote code execution vulnerability in Apache Log4j2",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2021-12-24"
    }
  ]
}
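The practical use of the feed is to join it against your own findings and act on the "dueDate" field. The following script is an added example (not code from the original page or from CISA): it parses a constructed single-entry excerpt in the feed's schema, triages constructed scan findings for hypothetical hosts, and lists assets that are past a BOD 22-01 due date. The host names, the findings list, and the use of CVE-2021-45105 as a finding absent from the excerpt are assumptions; the live feed at the URL above is the authority on what is listed.

```python
"""Triage vulnerability-scan findings against the CISA KEV feed and its BOD 22-01 due dates."""
import json
from datetime import date

# Live feed (JSON). The constructed excerpt below uses the same schema.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed single-entry excerpt in the feed's shape; the rest of the live catalog is omitted.
KEV_SAMPLE = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2023.12.15",
  "vulnerabilities": [
    {
      "cveID": "CVE-2021-44228",
      "vendorProject": "Apache",
      "product": "Log4j2",
      "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
      "dateAdded": "2021-12-10",
      "shortDescription": "Remote code execution vulnerability in Apache Log4j2",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2021-12-24"
    }
  ]
}"""

# Constructed scan findings for hypothetical hosts. CVE-2021-45105 is a real Log4j CVE used
# here only as a finding that is not in this excerpt; check the live catalog for its status.
FINDINGS = [
    {"asset": "web-01.example.internal", "cve": "CVE-2021-44228", "remediated": False},
    {"asset": "web-02.example.internal", "cve": "CVE-2021-44228", "remediated": True},
    {"asset": "batch-07.example.internal", "cve": "CVE-2021-45105", "remediated": False},
]

STATUS_ORDER = {"overdue": 0, "due": 1, "not-in-kev": 2, "remediated": 3}


def load_kev(feed_text):
    """Parse a KEV JSON feed into a dict keyed by CVE ID, with dates parsed."""
    feed = json.loads(feed_text)
    catalog = {}
    for entry in feed["vulnerabilities"]:
        catalog[entry["cveID"]] = {
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "required_action": entry["requiredAction"],
            "date_added": date.fromisoformat(entry["dateAdded"]),
            "due_date": date.fromisoformat(entry["dueDate"]),
        }
    return catalog


def triage(findings, catalog, today_iso):
    """Classify each finding against the catalog; most urgent rows first."""
    today = date.fromisoformat(today_iso)
    rows = []
    for f in findings:
        entry = catalog.get(f["cve"])
        if entry is None:
            # Still a vulnerability, just not subject to a BOD 22-01 deadline.
            status, days = "not-in-kev", 0
        elif f["remediated"]:
            status, days = "remediated", 0
        elif today > entry["due_date"]:
            status, days = "overdue", (today - entry["due_date"]).days   # days past due
        else:
            status, days = "due", (entry["due_date"] - today).days       # days remaining
        rows.append({
            "asset": f["asset"], "cve": f["cve"], "status": status, "days": days,
            "required_action": entry["required_action"] if entry else None,
        })
    # Overdue first (most overdue at the top), then due (soonest first), then the rest.
    rows.sort(key=lambda r: (STATUS_ORDER[r["status"]],
                             -r["days"] if r["status"] == "overdue" else r["days"]))
    return rows


def overdue_assets(findings, catalog, today_iso):
    """Assets that still carry a cataloged CVE past its due date."""
    return [r["asset"] for r in triage(findings, catalog, today_iso) if r["status"] == "overdue"]


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)
    for row in triage(FINDINGS, kev, "2022-01-10"):
        print(f'{row["status"]:<11} {row["days"]:>3}d  {row["asset"]:<26} {row["cve"]}')
```

Replace KEV_SAMPLE with the downloaded feed and FINDINGS with your scanner's export to get a real report; the due date comes from the catalog entry rather than a hard-coded policy, since CISA sets it per entry and it has changed over time.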

Binding Operational Directive (BOD) Program

Compulsory directions to federal civilian executive branch agencies for improving their cybersecurity posture (Emergency Directives, EDs, are the time-critical counterpart issued for imminent threats). Examples include:

  • BOD 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
  • BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities (the directive behind the KEV catalog due dates)
  • BOD 20-01: Develop and Publish a Vulnerability Disclosure Policy
  • BOD 19-02: Vulnerability Remediation Requirements for Internet-Accessible Systems

Secure by Design Initiative

A program encouraging technology manufacturers to take ownership of their customers' security outcomes by building security into the design phase rather than leaving it to deployers, promoting:

  1. Secure by Default Configurations: Products ship with secure settings enabled out of the box, at no extra cost, rather than as opt-in hardening
  2. Transparency in Security Practices: Clear documentation of security features, limitations, and vulnerabilities
  3. Memory Safety: Publishing memory-safety roadmaps and moving new development to memory-safe languages to eliminate the class of memory-corruption vulnerabilities
  4. Software Bills of Materials (SBOMs): Providing transparency about the components a product contains

Shields Up

A campaign providing guidance for organizations to strengthen their security posture during heightened threat periods, with specific recommendations for:

  • Executive Leadership: Strategic risk management considerations
  • Technical Teams: Tactical cybersecurity measures
  • Organizational Planning: Preparedness for potential cyber incidents

CISA's Role in Software Supply Chain Security

Supply Chain Risk Management

CISA leads efforts to identify, assess, and mitigate supply chain risks affecting critical systems and infrastructure, including:

  • Information and Communications Technology (ICT) Supply Chain Risk Management Task Force: Public-private partnership developing supply chain risk management strategies
  • Software Assurance Initiatives: Programs to improve the security and trustworthiness of software throughout its lifecycle
  • Open Source Software Security: Efforts to enhance the security of open source software widely used in critical systems

SBOM Promotion and Guidance

CISA advocates for the widespread adoption of Software Bills of Materials (SBOMs) and provides guidance on:

  • SBOM Implementation: Practical approaches to generating and using SBOMs
  • Minimum Elements: Recommended content for effective SBOMs
  • SBOM Sharing: Standards and mechanisms for exchanging SBOM data
  • SBOM Tooling: Resources for automating SBOM processes
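The "minimum elements" guidance is concrete enough to check mechanically. The script below is an added example, not code from the original page or from CISA: it reads a constructed CycloneDX 1.5 JSON document for a hypothetical application and reports which of the minimum data fields are missing. The per-component fields (supplier name, component name, version, a unique identifier, a dependency relationship) and per-document fields (author of the SBOM data, timestamp) are the data fields from NTIA's 2021 "Minimum Elements for an SBOM", on which CISA's SBOM work builds; the document contents and the choice of CycloneDX over SPDX are assumptions of the example.

```python
"""Check a CycloneDX JSON SBOM for the minimum data fields of the NTIA minimum-elements guidance."""
import json

# Constructed CycloneDX 1.5 document for a hypothetical service. The log4j-core component is
# complete; jackson-databind is deliberately missing version, supplier, identifier, and relationship.
SBOM_SAMPLE = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "metadata": {
    "timestamp": "2024-01-15T10:00:00Z",
    "authors": [{"name": "Example Build Pipeline"}],
    "component": {"bom-ref": "app", "type": "application", "name": "inventory-service",
                  "version": "3.2.0", "supplier": {"name": "Example Corp"}}
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
      "type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
      "version": "2.14.1",
      "supplier": {"name": "The Apache Software Foundation"},
      "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"
    },
    {
      "bom-ref": "jackson-databind",
      "type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind"
    }
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"]},
    {"ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1", "dependsOn": []}
  ]
}"""


def check_minimum_elements(sbom_text):
    """Return a list of human-readable gaps; an empty list means all minimum fields are present."""
    bom = json.loads(sbom_text)
    gaps = []

    # Document-level fields: who produced the SBOM data, and when.
    meta = bom.get("metadata", {})
    if not meta.get("timestamp"):
        gaps.append("document: missing metadata.timestamp")
    if not (meta.get("authors") or meta.get("tools")):
        gaps.append("document: missing author of SBOM data (metadata.authors or metadata.tools)")

    # A component has a declared relationship if it is a node in the dependency graph
    # or appears in some other node's dependsOn list.
    related = set()
    for dep in bom.get("dependencies", []):
        related.add(dep["ref"])
        related.update(dep.get("dependsOn", []))

    for comp in bom.get("components", []):
        ref = comp.get("bom-ref") or comp.get("name", "<unnamed>")
        if not comp.get("name"):
            gaps.append(f"{ref}: missing component name")
        if not comp.get("version"):
            gaps.append(f"{ref}: missing version")
        if not (comp.get("supplier") or {}).get("name"):
            gaps.append(f"{ref}: missing supplier name")
        if not (comp.get("purl") or comp.get("cpe") or comp.get("swid")):
            gaps.append(f"{ref}: missing unique identifier (purl, cpe or swid)")
        if ref not in related:
            gaps.append(f"{ref}: no dependency relationship declared")
    return gaps


def is_complete(sbom_text):
    """True when the SBOM carries every minimum data field."""
    return not check_minimum_elements(sbom_text)


if __name__ == "__main__":
    for gap in check_minimum_elements(SBOM_SAMPLE):
        print(gap)
```

A version-less, identifier-less component is exactly the case that defeats the downstream use of an SBOM (matching against advisories such as the KEV catalog), which is why the identifier and version checks matter more in practice than the document-level ones.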

Vulnerability Disclosure and Management

CISA coordinates the disclosure and management of vulnerabilities through:

  • Coordinated Vulnerability Disclosure Process: A structured approach to receiving vulnerability reports, engaging the affected vendor, and publishing mitigations
  • Vulnerability Information and Coordination Group: Facilitating information sharing about vulnerabilities
  • Vulnerability Disclosure Policy Template: Guidance for organizations to establish their own disclosure policies; BOD 20-01 requires federal civilian agencies to publish such a policy

CISA Resources and Services

Free Technical Services

CISA offers numerous no-cost services to organizations, including:

  • Vulnerability Scanning: Automated scanning of internet-accessible systems
  • Penetration Testing: Simulated cyber attacks to identify weaknesses
  • Red Team Assessments: Advanced adversary emulation exercises
  • Phishing Campaign Assessment: Evaluation of an organization's susceptibility to phishing
  • Risk and Vulnerability Assessment: Comprehensive security posture analysis

Information Sharing Platforms

CISA facilitates information sharing through several platforms:

  • Automated Indicator Sharing (AIS): Real-time exchange of cyber threat indicators
  • Information Sharing and Analysis Centers (ISACs): Sector-specific threat information sharing
  • Malware Analysis Portal: Platform for analyzing suspicious files and indicators
  • Cybersecurity Advisories: Timely information about current security issues

Training and Awareness Programs

CISA provides cybersecurity education through:

  • Federal Virtual Training Environment: Online cybersecurity courses
  • Cyber Defense Exercise Series: Hands-on incident response training
  • Critical Infrastructure Exercises: Simulations for infrastructure protection
  • National Cybersecurity Awareness Month: Annual campaign promoting cybersecurity awareness

CISA and Regulatory Compliance

Executive Order 14028

CISA plays a central role in implementing the 2021 Executive Order on Improving the Nation's Cybersecurity, including:

  • Zero Trust Architecture: Guidance for federal agencies transitioning to zero trust
  • Cloud Security: Standards for secure cloud service use
  • Supply Chain Security: Requirements for software used by the federal government
  • Incident Reporting: Enhanced cyber incident reporting requirements

Federal Information Security Modernization Act (FISMA)

Under FISMA, CISA carries out operational security responsibilities for federal civilian information systems (OMB retains policy oversight and reporting authority), through:

  • Continuous Diagnostics and Mitigation (CDM): Programs to identify and mitigate cybersecurity risks
  • Federal Information Systems Security Reporting: Tracking of agency compliance with security standards
  • Security Assessment Framework: Standardized approach to evaluating security posture

CISA's International Engagement

Global Collaboration

CISA works with international partners on:

  • Cyber Threat Intelligence Sharing: Exchange of information about emerging threats
  • Critical Infrastructure Protection: Coordinated approaches to infrastructure security
  • Capacity Building: Assistance to strengthen global cybersecurity capabilities
  • International Technical Assistance: Support for foreign partners facing cyber incidents

Alignment with International Standards

CISA promotes alignment with widely adopted frameworks, including:

  • NIST Cybersecurity Framework: Voluntary U.S. guidance for managing cybersecurity risk that is also used by organizations outside the United States
  • ISO/IEC Standards: International standards for information security management (for example the ISO/IEC 27000 series)
  • Global Supply Chain Security: International approaches to securing supply chains

Future Directions

Emerging Focus Areas

CISA continues to expand its focus to address evolving challenges:

  • Artificial Intelligence Security: Managing risks associated with AI systems
  • Quantum Computing Preparedness: Planning migration to post-quantum cryptography, including NIST's FIPS 203, 204, and 205 standards finalized in 2024
  • 5G Security: Ensuring the security of next-generation telecommunications
  • Industrial Control Systems Security: Protecting operational technology in critical infrastructure
  • Ransomware Prevention: Comprehensive approach to combating ransomware threats

Strategic Initiatives

Key strategic priorities for CISA include:

  • Reducing Critical Vulnerabilities: Focused effort on the most impactful security weaknesses
  • Measurable Improvements: Evidence-based approach to cybersecurity enhancements
  • Public-Private Collaboration: Strengthening partnerships across sectors
  • Workforce Development: Building cybersecurity skills and expertise nationwide