Critical Infrastructure Protection Resources

CISA’s Critical Infrastructure Training: Cybersecurity and Infrastructure Security Agency’s (CISA) Infrastructure Security Division offers a wide array of free training programs to government and private sector partners. These web-based independent study courses, instructor-led courses, and associated training materials provide government officials and critical infrastructure owners and operators with the knowledge and skills needed to implement critical infrastructure security and resilience activities.

TRACIE Topic Collections: List of collected resources, including additional trainings, guidance, and plans, tools, and templates, organized by topic.

National Critical Functions: Information on the Department of Homeland Security Cybersecurity and Infrastructure Security Agency’s National Critical Functions prioritization of critical infrastructure and a more systematic approach to corresponding risk management activity.

Critical Infrastructure Partnership Advisory Council (CIPAC): Information on the Department of Homeland Security’s Critical Infrastructure Partnership Advisory Council (CIPAC), which facilitates interaction between governmental entities and representatives from the community of critical infrastructure owners and operators.

National Infrastructure Protection Plan (NIPP): Outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.

National Defense Authorization Act (NDAA): Outlines the legislative authorities and responsibilities of the Sector Risk Management Agency role.

Building Health Sector Resilience to Climate Change: Provides an overview guide and a suite of online tools and resources highlighting emerging best practices for developing sustainable and climate-resilient health care facilities.

Health Care and Public Health Sector Cybersecurity Framework Implementation Guide: The Health Care and Public Health Sector Cybersecurity Framework Implementation Guide was developed to help organizations establish a strong cybersecurity program or validate the effectiveness of an existing program. The guide enables organizations to map their existing program to the NIST Cybersecurity Framework, identify improvements, and communicate results. This guide was developed to incorporate and align with processes and tools the organization is already using or plans to use.

Knowledge on Demand: This new online educational platform offers free cybersecurity trainings for health and public health organizations to improve cybersecurity awareness.

Health Industry Cybersecurity Practices (HICP) 2023 Edition: The HICP 2023 Dedition is a foundational publication that aims to raise awareness of cybersecurity risks, provide best practices, and help the HPH Sector set standards in mitigating the most pertinent cybersecurity threats to the sector.

Hospital Cyber Resiliency Initiative Landscape Analysis - PDF: This report focuses on domestic hospitals’ current state of cybersecurity preparedness, including a review of participating hospitals benchmarked against standard cybersecurity guidelines such as HICP 2023 and the National Institute of Standards and Technology Cybersecurity Framework.

Cybersecurity Act of 2015, Section 405(d): The CSA 405(d) Task Group enhances cybersecurity and aligns industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity.

Health Sector Cybersecurity Coordination Center (HC3): Health Sector Cybersecurity Coordination Center (HC3) was created by the Department of Health and Human Services to aid in the protection of vital, healthcare-related controlled information and ensure that cybersecurity information sharing is coordinated across the HPH Sector.

Management Checklist for COVID-19 Teleworking Surge: This checklist is designed as a quick reference for healthcare enterprise management to consider important factors in a teleworking strategy that minimizes downtime and latency while supporting patient care, operational and IT security, and supply chain resilience.

Health Industry Cybersecurity Information Sharing Best Practices: Provides HPH Sector organizations interested in information sharing with a set of guidelines and best practices for efficient and effective information sharing.

Health Industry Cybersecurity Protection of Innovation Capital: A resource to security and risk practitioners at any stage of their information protection program’s maturity, with a particular focus on Innovation Capital (IC) protection.

Health Industry Cybersecurity Tactical Crisis Response Guide: This document is constructed by industry and government experts to help guide response activities.

Health Sector Return-to-Work (R2W) Guidance: This checklist outlines ways for sites to make the workplace a safe place upon return to work.

Health Industry Cybersecurity Supply Chain Risk Management Guide: The Joint Supply Chain Cybersecurity Task Group developed this supply chain cybersecurity risk management guide to provide structure and aid as a tool targeted at smaller to mid-sized health organizations.