Check Out, Like, Subscribe and Share CISA's YouTube Channel
The Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. CISA connects industry and government stakeholders to each other and to resources, analyses, and tools to help them build their own cyber, communications, and physical security and resilience.
CISA publishes a series of cybersecurity awareness YouTube webinar overviews for a general audience, including managers and business leaders, that provide core guidance, best practices to prevent incidents, and prepare an effective response if an incident occurs. You can find CISA’s latest YouTube videos here.
 Quarterly ChemLock Trainings
CISA’s ChemLock program provides the ChemLock: Introduction to Chemical Security training course quarterly on a first-come, first-serve basis. This course provides an introduction to identifying, assessing, evaluating, and mitigating chemical security risks. This easy-to-understand overview identifies key components and best practices of chemical security awareness and planning to help kick start chemical security discussions at your facility.
This course runs one to two hours and is appropriate for all personnel regardless of their level of involvement with dangerous chemicals.
Cybersecurity Awareness Month is Near!
The Cybersecurity Awareness Month campaign is rapidly approaching and every year we appreciate your support in helping us meet the goal of staying safe online!
CISA leads this annual, collaborative effort between government and industry with our partner the National Cybersecurity Alliance (NCA).
This year, the Cybersecurity Awareness Month overarching theme for October 2022 is “See Yourself in Cyber.”
Throughout October, CISA and NCA will highlight key action steps that everyone should take:
- Enable Multi-Factor Authentication
- Use Strong Passwords
- Recognize and Report Phishing
- Update Your Software
We know many of you have already begun planning your own campaigns. Please know the following resources are currently available to support your efforts. You can:
- Access year-round available resources at: Cyber Resource Hub | CISA
- Have a speaker discuss cybersecurity at your event! Visit CISA Request a Speaker website to request a CISA speaker
- Visit: CISA’s web page in October to download resources including toolkits, tip sheets, videos and more!
- Visit: NCA’s website to sign up for their campaign updates, newsletter, and more!
Stay tuned for more details and resources on Cybersecurity Awareness Month in the next Bulletin. In the meantime, email the CISA Team with any questions. We look forward to working with you!
Cybersecurity Performance Goals (CPGs)
The CPGs are a baseline set of high-impact security controls for critical infrastructure organizations that encompass Internet Technology and Operational Technology/Industrial Control Systems environments and were co-developed with significant feedback from a diverse array of public and private organizations. The CPGs will help organizations of all sizes prioritize which security controls reduce the most risk to their environment and enable more prudent decision-making on allocation of investments toward specific security practices.
CISA and the National Institute of Standards and Technology (NIST) have recently concluded stakeholder engagement activities, including briefings to Sector Risk Management Agencies (SRMAs) and Sector Coordinating Councils (SCCs). They additionally held three workshops, two for SRMAs/SCCs and one for the public. As of August 10th, CISA and NIST have completed the direct stakeholder engagement phase and are now incorporating feedback to inform a revised draft of the goals and supporting material, with final publication expected in late summer 2022.
For more info about Cybersecurity Performance Goals, visit the Cross-Sector Cybersecurity Performance Goals and Objectives page.
Industrial Control Systems Cybersecurity 301 Lab Provides Hands-On Training Opportunities
|
In the world of Industrial Control Systems (ICS), understanding cybersecurity is critical. To help Industrial Control Operators learn about Information Technology, Operational Technology, and the strategies used to protect these networks, CISA and the Idaho National Laboratory offers the ICS 301 Lab, a hands-on ICS course that delivers more than standard lectures and lessons. This four-day course offers training for understanding, protecting and securing ICS from cyber-attacks. The ICS 301 Laboratory Course is just one of many innovative courses offered by CISA. Find out more at the ICS webpage.
|
Cyber Resource Hub
CISA offers a range of cybersecurity assessments that evaluate operational resilience, cybersecurity practices, organizational management of external dependencies, and other key elements of a robust and resilient cyber framework. These professional, no-cost assessments are provided upon request on a voluntary basis and can help any organization with managing risk and strengthening the cybersecurity of our Nation's critical infrastructure. Two examples are:
- The Cyber Security Evaluation Tool (CSET®) (GitHub link) is a stand-alone desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology.
- The Cyber Infrastructure Survey evaluates that effectiveness of organizational security controls, cybersecurity preparedness, and the overall resilience of an organization’s cybersecurity ecosystem. This survey provides a service-based view opposed to a programmatic view of cybersecurity. To schedule a Cyber Infrastructure Survey, contact cyberadvisor@cisa.dhs.gov.
CISA Services Catalog
The CISA Services Catalog is all of CISA, all in one place – a resource that provides users with access to information on services across all of CISA’s mission areas that are available to Federal Government; State, Local, Tribal and Territorial Government; Private Industry; Academia; and NGO and Non-Profit stakeholders.
The Catalog is interactive, allowing users to filter in on applicable services with just a few clicks.
This Catalog is intended for electronic viewing on mobile devices only. For the most seamless experience, users should download and save a copy of the Catalog to their computer, then view it in full-screen mode with a PDF viewer. For questions about the services featured in the CISA Services Catalog or for questions about the Catalog itself, please email Central@cisa.gov.
Social Media
Help CISA spread the word about upcoming events and new resources by sharing the following posts via your social media channels. Thank you for your support!
- Don't forget to check out the new infrastructure dependency primer. Find out more here: cisa.gov/idp.
- Want to learn more about recent cybersecurity alerts? Check out @CISAgov's National Cyber Awareness System: cisa.gov/uscert/ncas/alerts.
- @CISAgov encourages stakeholders to remain vigilant when accessing information online. For the latest internet protocol guidance, click here: cisa.gov/tic.
To access past editions of the CISA Community Bulletin newsletter, please visit the CISA Community Bulletin archive.
Help CISA spread the word about upcoming events and new resources by sharing the following posts via your social media channels. Thank you for your support!
To access past editions of the CISA Community Bulletin newsletter, please visit the CISA Community Bulletin archive.
|
