https://www.us-cert.gov/related-resources

Related Resources | US-CERT

US-CERT does not endorse specific organizations. The following links are included for your information and convenience.

Security Organizations

• CERT Coordination Center
• Defense Cyber Crime Center (DC3)
• DHS Cyber Resources
• Forum for Incident Response and Security Teams (FIRST)
• Homeland Open Security Technology (HOST)
• International Telecommunications Union, Cybersecurity Gateway
• National Council of ISACs
• National Cybersecurity and Communications Integration Center (NCCIC)
• Organization of American States, Cyber Security Program
• Organization of Economic Cooperation and Development, Information Security and Privacy

Vulnerability Information

• Common Vulnerabilities and Exposures List (CVE)
  Search vulnerabilities by CVE name or browse the US-CERT list of vulnerabilities for specific CVEs.
• National Infrastructure Advisory Council's Vulnerability Disclosure Framework
  Improve your understanding of vulnerability management practices.
• National Vulnerability Database (NVD)
  Search U.S. government vulnerability resources for information about vulnerabilities on your systems.
• Open Vulnerability Assessment Language (OVAL)
  Identify vulnerabilities on your local systems using OVAL vulnerability definitions.

Tools, Techniques, Research, and Guidelines

• Build Security In
  BSI provides a collection of software assurance and security information to help software developers, architects, and security practitioners create secure systems.
• Center for Education and Research in Information Assurance and Security (CERIAS)
  CERIAS offers tools and resources to the security community at large.
• DHS Science and Technology Directorate Cyber Security Division Resources
  DHS provides public documents relevant to the planning of cybersecurity research and development.
• Information Sharing Specifications
  TAXII, STIX, and CybOX are technical specifications designed to enable automated information sharing for cybersecurity situational awareness, real-time network defense and sophisticated threat analysis.
• National Institute of Standards and Technology (NIST)
  NIST offers various publications to promulgate computer security standards and guidelines and present relevant supporting information and research.
• Operationally Critical Threat and Vulnerability Evaluation (OCTAVE)
  OCTAVE includes tools and techniques for risk-based assessment and planning.
• Software Assurance: Community Resources and Information Clearinghouse
  The Software Assurance Program provides resources to encourage cyber resilience.

Education

• Federal Cyber Service: Scholarship for Service Program (SFS)
  The SFS program seeks to increase the number of skilled students entering the fields of information assurance and computer security.
• National Centers of Academic Excellence in Information Assurance Education
  The Centers of Academic Excellence program strengthens higher education in information assurance programs to meet America's growing requirements for cybersecurity professionals.
• National Initiative for Cybersecurity Careers and Studies (NICCS)
  A one-stop shop for cybersecurity careers and studies, NICCS connects the public with information on cybersecurity awareness, degree programs, training, careers, and talent management.

Security at Home

• OnGuard Online
  Practical tips from the Federal Government and technology industry to help consumers guard against Internet fraud, secure their computers, and protect personal information
• Stay Safe Online
  Resources sponsored by the National Cyber Security Alliance (NCSA) to promote safe behavior online
• The NetSmartz Workshop
  Educational materials for children and teens
• Stop. Think. Connect. || Get Involved and Informed | Tips and Advice
  A national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online

Information Sharing and Analysis Centers (ISACs)

Information Sharing and Analysis Centers (ISACs) were established to allow sectors to share information and work together in an effort to protect our critical infrastructures.

Policy and Government

• NCCIC Cyber Incident Scoring System
  The NCCIC Cyber Incident Scoring System (NCISS) is a framework designed to provide a repeatable and consistent mechanism for estimating the impact of a cyber incident.
• Comprehensive National Cybersecurity Initiative
  The CNCI consists of initiatives and goals designed to help secure the United States in cyberspace.
• E-Government Act of 2002 including Title III - The Federal Information Security Management (FISMA) Act 
  The purpose of this Act is to enhance the management and promotion of electronic government services and processes. Title III of this act is the Federal Information Security Management Act of 2002. The E-Government Act permanently supersedes the Homeland Security Act in those instances where both Acts prescribe different amendments to the same provisions of the United States Code.
• International Strategy for Cyberspace
  The International Strategy for Cyberspace outlines a vision for cyberspace and an agenda for realizing it.
• IT Sector Baseline Risk Assessment
  The ITSRA identifies and prioritizes national-level risks to critical functions delivered and maintained by the IT Sector and relied on by all critical infrastructure sectors.
• National Infrastructure Protection Plan
  NIPP 2013 outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.
• National Security Strategy
  The National Security Strategy articulates four enduring national interests advanced by the five missions of DHS.
• Office of Management and Budget Guidance on FISMA

  M-15-01 provides current Administration information security priorities, FY 2014-2015 Federal Information Security Management Act (FISMA) and Privacy Management reporting guidance and deadlines, and policy guidelines to improve Federal information security posture.

• Presidential Homeland Security Issues
  This web page describes guiding principles for securing the United States from 21st-century threats.
• Presidential Policy Directive – Critical Infrastructure Security and Resilience
  Released in February 2013, PPD-21 provides guidance for a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.
• Quadrennial Homeland Security Review
  Published in 2014, the QHSR reaffirms the five homeland security missions set forth in the previous QHSR, while acknowledging the evolving landscape of homeland security threats and hazards.
• US-CERT Year In Review CY 2012
• US-CERT 2012 Trends In Retrospect

Elyssa D. Durant 

Research & Policy Analyst

Columbia University, New York