US-CERT does not endorse specific organizations. The following links are included for your information and convenience.
- CERT Coordination Center
- Defense Cyber Crime Center (DC3)
- DHS Cyber Resources
- Forum for Incident Response and Security Teams (FIRST)
- Homeland Open Security Technology (HOST)
- International Telecommunications Union, Cybersecurity Gateway
- National Council of ISACs
- National Cybersecurity and Communications Integration Center (NCCIC)
- Organization of American States, Cyber Security Program
- Organization of Economic Cooperation and Development, Information Security and Privacy
- Common Vulnerabilities and Exposures List (CVE)
Search vulnerabilities by CVE name or browse the US-CERT list of vulnerabilities for specific CVEs.
- National Infrastructure Advisory Council's Vulnerability Disclosure Framework
Improve your understanding of vulnerability management practices.
- National Vulnerability Database (NVD)
Search U.S. government vulnerability resources for information about vulnerabilities on your systems.
- Open Vulnerability Assessment Language (OVAL)
Identify vulnerabilities on your local systems using OVAL vulnerability definitions.
Tools, Techniques, Research, and Guidelines
- Build Security In
BSI provides a collection of software assurance and security information to help software developers, architects, and security practitioners create secure systems.
- Center for Education and Research in Information Assurance and Security (CERIAS)
CERIAS offers tools and resources to the security community at large.
- DHS Science and Technology Directorate Cyber Security Division Resources
DHS provides public documents relevant to the planning of cybersecurity research and development.
- Information Sharing Specifications
TAXII, STIX, and CybOX are technical specifications designed to enable automated information sharing for cybersecurity situational awareness, real-time network defense and sophisticated threat analysis.
- National Institute of Standards and Technology (NIST)
NIST offers various publications to promulgate computer security standards and guidelines and present relevant supporting information and research.
- Operationally Critical Threat and Vulnerability Evaluation (OCTAVE)
OCTAVE includes tools and techniques for risk-based assessment and planning.
- Software Assurance: Community Resources and Information Clearinghouse
The Software Assurance Program provides resources to encourage cyber resilience.
- Federal Cyber Service: Scholarship for Service Program (SFS)
The SFS program seeks to increase the number of skilled students entering the fields of information assurance and computer security.
- National Centers of Academic Excellence in Information Assurance Education
The Centers of Academic Excellence program strengthens higher education in information assurance programs to meet America's growing requirements for cybersecurity professionals.
- National Initiative for Cybersecurity Careers and Studies (NICCS)
A one-stop shop for cybersecurity careers and studies, NICCS connects the public with information on cybersecurity awareness, degree programs, training, careers, and talent management.
Security at Home
- OnGuard Online
Practical tips from the Federal Government and technology industry to help consumers guard against Internet fraud, secure their computers, and protect personal information
- Stay Safe Online
Resources sponsored by the National Cyber Security Alliance (NCSA) to promote safe behavior online
- The NetSmartz Workshop
Educational materials for children and teens
- Stop. Think. Connect. || Get Involved and Informed | Tips and Advice
A national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online
Information Sharing and Analysis Centers (ISACs)
Information Sharing and Analysis Centers (ISACs) are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators. For more information about ISACs, visit the National Council of ISACs website.
Policy and Government
- NCCIC Cyber Incident Scoring System
The NCCIC Cyber Incident Scoring System (NCISS) is a framework designed to provide a repeatable and consistent mechanism for estimating the impact of a cyber incident.
- Comprehensive National Cybersecurity Initiative
The CNCI consists of initiatives and goals designed to help secure the United States in cyberspace.
- E-Government Act of 2002 including Title III - The Federal Information Security Management (FISMA) Act
The purpose of this Act is to enhance the management and promotion of electronic government services and processes. Title III of this act is the Federal Information Security Management Act of 2002. The E-Government Act permanently supersedes the Homeland Security Act in those instances where both Acts prescribe different amendments to the same provisions of the United States Code.
- International Strategy for Cyberspace
The International Strategy for Cyberspace outlines a vision for cyberspace and an agenda for realizing it.
- IT Sector Baseline Risk Assessment
The ITSRA identifies and prioritizes national-level risks to critical functions delivered and maintained by the IT Sector and relied on by all critical infrastructure sectors.
- National Infrastructure Protection Plan
NIPP 2013 outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.
- National Security Strategy
The National Security Strategy articulates four enduring national interests advanced by the five missions of DHS.
- Office of Management and Budget Guidance on FISMA
M-15-01 provides current Administration information security priorities, FY 2014-2015 Federal Information Security Management Act (FISMA) and Privacy Management reporting guidance and deadlines, and policy guidelines to improve Federal information security posture.
- Presidential Homeland Security Issues
This web page describes guiding principles for securing the United States from 21st-century threats.
- Presidential Policy Directive – Critical Infrastructure Security and Resilience
Released in February 2013, PPD-21 provides guidance for a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.
- Quadrennial Homeland Security Review
Published in 2014, the QHSR reaffirms the five homeland security missions set forth in the previous QHSR, while acknowledging the evolving landscape of homeland security threats and hazards.
- US-CERT Year In Review CY 2012
- US-CERT 2012 Trends In Retrospect