CISA - Safety Guidelines
References to the 10 most popular Cybersecurity and Infrastructure Security Agency publications and resources.
CISA Cybersecurity and Infrastructure Security Agency
CISA is the United States federal authority for cyber security and critical infrastructure protection. The agency publishes operational resources: a catalogue of actively exploited vulnerabilities, guidance for handling ransomware incidents, technical recommendations for multi-factor authentication, and supply chain risk management frameworks, all of which directly support the practical implementation of the requirements of Articles 21 and 23 of the NIS2 Directive.
| Code | Name | Subject/application | Year | Source |
|---|---|---|---|---|
| KEV Catalog | Known Exploited Vulnerabilities Catalog | A continuously updated public catalogue of vulnerabilities known to be actively exploited, each with a set remediation deadline. The basis for prioritising vulnerability management under Article 21(2)(e) of the NIS2. | Updated | Open |
| CPGs | Cross-Sector Cybersecurity Performance Goals | Baseline cyber-security hygiene practices applicable across sectors for essential and important entities; their scope matches the minimum requirements set out in Article 21(2)(a) and (g) of the NIS2. | 2024 | Open |
| Secure by Design | Secure by Design Principles | A set of software manufacturer responsibility principles: security embedded by default and a secure development lifecycle (SDLC). Applicable to the security requirements of Article 21(2)(e) of the NIS2. | 2023 | Open |
| #StopRansomware | Ransomware Guide | A consolidated set of guidelines for reducing ransomware risk: preventive measures, detection indicators and a recovery plan, in line with the incident management and continuity requirements of Article 21(2)(b) and (c) of the NIS2. | 2023 | Open |
| VDP Template | Coordinated Vulnerability Disclosure Process | Model rules for a coordinated vulnerability disclosure policy; supports the security.txt mechanism and voluntary notification to CSIRTs in accordance with Article 30 of the NIS2. | 2020 | Open |
| Phishing-Resistant MFA | Implementing Phishing-Resistant MFA | Technical recommendations for multi-factor authentication, favouring FIDO2 and WebAuthn over SMS and TOTP solutions. Directly applicable to the requirements of Article 21(2)(j) of the NIS2. | 2022 | Open |
| ZT Maturity Model | Zero Trust Maturity Model v2 | A model for assessing the maturity of a Zero Trust Architecture (ZTA) across five pillars: identity, devices, networks, data and applications. To be used as a strategic guide for NIS2 compliance planning. | 2023 | Open |
| LME | Logging Made Easy | Open source centralised event log management solution for small and medium-sized entities. Supports the recording and preservation of security events in accordance with Article 21(2)(f) and (i) of the NIS2. | 2024 | Open |
| ICT SCRM | ICT Supply Chain Risk Management | Information and communication technology supply chain risk management framework with SBOM recommendations. Directly related to the supply chain security requirements of Article 21(2)(d) of the NIS2. | 2023 | Open |
| Shields Up | Shields Up Three Advisory | Continuously updated operational guidance for periods of heightened cyber threat, intended to maintain increased vigilance and operational readiness in accordance with Article 21(2)(c) of the NIS2. | Updated | Open |