National Counterintelligence and Security Center
Job Aids
- Countering Foreign Intelligence Threats: Implementation and Best Practices Guide This job aid from the National Counterintelligence and Security Center (NCSC) on countering foreign threats givesbest practices for implementing a CI Program. This resource is best suited for facility security personnel and seniorleaders.
Although oriented for Department of Defense (DOD) personnel, these address universal principles applicable anywhere:
- Counterintelligence (CI) Awareness Integration Plan
This job aid provides basic guidelines on setting up a CI program. - Counterintelligence Best Practices for Industry
This job aid is a more in-depth look into CI programs and several of the foreign collection methods. - Understanding Espionage and National Security Crimes
This job aid discusses the difference between economic espionage, trade secret theft, and Export Administration Regulation (EAR) or International Traffic in Arms Regulation (ITAR) Violations. - CI Foreign Travel Briefing – Provides guidance and templates for establishing a foreign travel program
- Suspicious Emails
- Counterintelligence Awareness and Security Brief eLearning
Posters
Reports
- National Counterintelligence Strategy Executive Summary
This report provides an executive summary of the National Counterintelligence Strategy of the United States of America for 2020-2022.
Toolkits
- Build Security In
This toolkit by the Cybersecurity & Infrastructure Security Agency (CISA) has several articles and tools to assist in building security into a program. This toolkit is more applicable for network administrators and information technology and security personnel. - Computer Security Resource Center
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) toolkit for computer security resources has a wealth of information for incorporating both CI and cyber into a security program. This toolkit is more applicable for network administrators and information technology and security personnel.
Watch & Learn
- CDSE Counterintelligence Awareness Video Lesson
This four minute YouTube video is a basic primer on Counterintelligence and Security. This job aid is suited for all facility personnel. - CI and Insider Threat Support to Security
This seven minute YouTube video gives the basic “why” on Insider threat and Counterintelligence. The first four and a half minutes are more universal, and after this mark, the video becomes more Department of Defense (DOD) centric. This resource is best suited for facility security personnel and senior leaders.
Games
Test your knowledge and encourage CI Awareness at your organization with these two engaging games.
National OPSEC Program Office - Operations Security (dni.gov)
Toolkits
- OPSEC for All
- OPSEC Awareness Month Messaging Champion Communications Packet for Universities/Colleges
Posters
The Association of American Universities is composed of America’s leading research universities. AAU’s 65 research universities transform lives through education, research, and innovation. Visit the AAU Science & Security website to learn about their role in protecting research and innovation.
The National Science Foundation is committed to maintaining the integrity of international scientific collaborations. They have developed resources to enhance research security practices that are reliable and adaptive to emerging and evolving threats. Visit the NSF Research Security site for more information.
eLearning Courses
- Cyber Security Awareness, CS130.16
This 30-minute course provides a working knowledge of cyber intrusion methods and cybersecurity countermeasures to assist employees in preventing cyber attacks and protecting their systems and information.
Job Aids
- Cyber Essentials Guide
This guide developed by CISA is for leaders of small businesses as well as leaders of small and local government agencies to enable them to develop an actionable understanding of where to start implementing organizational cybersecurity practices. - Mobile Device Safety
This job aid from the Office of the Director of National Intelligence (ODNI) provides basic tips for mobile device safety in the current environment. - Spearfishing and Common Cyber Attacks
This job aid from the Office of the Director of National Intelligence provides information about spearfishing and current cyber attack methods. - Top 10 Routinely Exploited Vulnerabilities
This job aid provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats. - Joint Cyber Intelligence Tool Suite (JCITS)
In partnership with industry, JCITS uses mapping of cleared contractor public infrastructure and fuses those maps with known cyber-attack patterns of foreign adversaries. - CISA Regional Offices
This job aid provides a map with CISA Regional Office contact information.
Posters
- Phishing 8.5 x 11 / 17 x 22
- Protect Your Information 8.5 x 11 / 17 x 22
- Secure Your Information 8.5 x 11 / 17 x 22
- Stronger Passwords 8.5 x 11 / 17 x 22
Reports
- NIST Framework for Improving Critical Infrastructure Cybersecurity
Executive Order 13636 directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
Toolkits
- Cyber Essentials Toolkit
The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the interrelated aspects of an organizational culture of cyber readiness. - NSA Cybersecurity Advisories and Technical Guidance
This site provides advisories and mitigations on evolving cybersecurity threats. Some resources on this site have access requirements. - OnGuardOnline
This Federal Trade Commission website contains general information and tips to protect information and devices online. - NCSC Awareness Materials
The materials in this toolkit will enable personnel to better understand existing threats to and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.
Watch & Learn
- Cybersecurity Attacks - The Insider Threat
This 15-minute video teaches the viewer to recognize and mitigate the attacks performed by witting and unwitting entities that comprise the cybersecurity environment. - NCSC Cyber Training Series
This is a series of three courses designed for professionals new to the cyber realm. It introduces users to the computer'scomponent layers and associated functions, virtualization concepts, and security methods. - Protect Your Computer from Malware
Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobiledevice without your consent. Learn more about how to avoid, detect, and get rid of malware.
Webinars
- Creating a Workplace Culture of Cybersecurity
This CDSE webcast is designed for those with responsibility for ensuring a secure cybersecurity environment in theworkplace and will give practical tips for how to develop a culture that promotes good cybersecurity practices.
Games
- Cybersecurity: Tomorrow’s Internet
InternetTest your knowledge of cybersecurity and earn badges as you go. - Cybersecurity Magic 8 Ball
Can you correctly predict how the Magic 8 Ball will answer these cybersecurity questions? - Cybersecurity Trivia Twirl
This game features a wheel with six segments, each representing a different Cybersecurity category. Spin the wheel andcorrectly answer the question to “collect” that category segment. Play continues until you successfully collect all sixcategory segments.
National Cybersecurity Policy for Industry & Academia
Policy
- NIST Special Publications Library (800 Series)
- NIST SP 800-146 Cloud Computing Synopsis and Recommendations
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (OMB Memo)
- Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Social Media Considerations for Industry & Academia
Job Aids
- Social Media Safety
This job aid from ODNI provides best practices for navigating social media safely. - Social Media: Leveraging Value while Mitigating Risk
The slides from a presentation by David Etue, Vice President of Corporate Development Strategy at SafeNet, discuss theimportance, impact and risk of social media in protection health information, and discuss some best practices in mitigation ofthose risks. - Facebook Smartcard (Configuration Guide)
This is a quick configuration guide for Facebook. - Facebook Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their Facebook profile to mitigatetheir risk. - LinkedIn Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their LinkedIn profile to mitigatetheir risk. - Twitter Smartcard (Configuration Guide)
This is a quick configuration guide for Twitter. - Twitter Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their Twitter account to mitigatetheir risk.
Posters
Reports
- Internet Social Networking Risks
This ODNI report provides definitions of terms associated with internet and social networking risks and provides practicaltips and best practices for mitigating the risk.
Watch & Learn
- Social Media Video Lesson
This video lesson explores the risks associated with social media and why you should be concerned.
Safeguarding Science
An Outreach Initiative for Protecting Research and Innovation
in Emerging Technologies
An informed, empowered scientific community is best positioned to assess emerging technologies and their applications and to design measures to guard against the potential misuse or theft of these technologies. The National Counterintelligence and Security Center (NCSC) has partnered with multiple federal agencies to develop an outreach initiative, “Safeguarding Science,” designed to raise awareness of the spectrum of risk in emerging technologies and to help stakeholders in these fields to develop their own methods to protect research and innovation. The initiative focuses on emerging technology sectors where the stakes are potentially greatest for U.S. economic and national security, including the following:
|
|
|
|
|
Please click the above images for additional information.
SAFEGUARDING SCIENCE GOALS
- Promote a U.S. research ecosystem that emphasizes collaboration, openness, equity, integrity, and security, all of which facilitate innovation
- Provide curated resources for our stakeholders to support best practices in protecting research and innovation
- Supplement existing ethics training with security education to provide case studies relating to misuse and exploitation of research
- Provide inclusive educational opportunities for domestic / international students and faculty that are germane to the fields of research and development
- Assist academia and industry in developing their own methods to protect research from theft, misuse, abuse, or exploitation.
- Highlight shared responsibility of scientific community and U.S. government to protect research and innovation in emerging technologies
- Develop a culture of security awareness to supplement existing compliance measures, fostering scientific citizenship
- Evolve from a “do no harm” mentality to an explicit “not on my watch” mentality
- Foster information exchanges to better identify emerging technology security challenges
- Establish liaison contacts between scientific community and the U.S. government
- Facilitate tripwire/suspicious activity reporting
SAFEGUARDING SCIENCE TOOLKIT
The resources categorized on the upper left side of the page have been developed with partners at the National Science Foundation (NSF), National Institute for Standards and Technology (NIST), the Department of Health and Human Services (HHS), the Federal Aviation Administration (FAA), the Department of Defense (DOD), and other federal agencies.
The toolkit provides partners with a range of resources to choose from to help them better protect their research and innovation. The resources include training, best practices, videos, awareness materials, policy references, and other materials from across the U.S. government, as well as from academia (including training for research institutions made by research institutions). The toolkit will remain a dynamic resource that is maintained and updated. Select a category to start accessing resources. Links to any non-Governmental information are provided for reference and awareness, and not as directions or NCSC recommendations.
As mandated by Congress, a core NCSC mission is to conduct counterintelligence (CI) outreach to the U.S. private sector, academic and research communities, as well as other external stakeholders to arm them with information about foreign intelligence threats to their organizations and ways to mitigate risk.
NCSC executes the roles and responsibilities of the National Operations Security (OPSEC) Program Office, as described in National Security Presidential Memorandum (NSPM)-28 and will support department and agency implementation of OPSEC programs. NCSC/ETD will provide additional guidance, work with all Executive Branch departments and agencies to develop their programs, and will provide program development, training, and awareness materials.
As set forth in NSPM-28, the National Operations Security Program (NOP) supports the establishment, implementation, and standardization of stakeholder OPSEC programs across the Executive Branch of the U.S. Government (USG) and, as appropriate, beyond to trusted partners.
NSPM-28 requires all Executive Branch departments and agencies to implement OPSEC capabilities that identify and protect their most critical assets, identify and mitigate vulnerabilities, consider foreign adversarial threats in their organization’s risk management activities, and apply sufficient threat mitigation practices to counter the threat. NOP requirements are set forth in NSPM-28.
OPSEC Bulletins
March 2023
January 2023 – National OPSEC Awareness Month
- Understanding OPSEC - Bulletin 1
- Understanding OPSEC - The OPSEC Cycle - Bulletin 2
- Protecting Individuals by Practicing OPSEC - Bulletin 3
- Understanding OPSEC from an Organizational Perspective - Bulletin 4
NOP Authorities & Policies
Please Note: National Security Presidential Memorandum (NSPM) 28 is Unclassified but not approved for public release and therefore cannot be posted on this website. Stakeholders within the US government may reach out to This email address is being protected from spambots. You need JavaScript enabled to view it. to obtain a copy.
OPSEC Training
- Registrar: This email address is being protected from spambots. You need JavaScript enabled to view it.
- OPSEC Course Schedule
- OPSEC for All
OPSEC Resources & Templates
- Critical Information List (CIL) Example
- OPSEC Analysis Resources
- OPSEC for Publicly Facing Websites Checklist
- OPSEC Program Manager Appointment Letter Sample
- OPSEC Program Continuity Book (Table of Contents) Example
- OPSEC Program Plan Template 1
- OPSEC Program Plan Template 2
- OPSEC Program Plan Template 3
- OPSEC Program Policy Checklist
- OPSEC Program Policy Template
- OPSEC Program Self-Evaluation Checklist
- OPSEC Working Group Appointment Letter Template
- OPSEC Working Group Charter Template
- NCSC Memo on National Operations Security Program
- OPSEC Training Standards NOP PMO ADVISORY
- NSPM 28 List Of Requirements Appendix A
- OPSEC Critical Information List Job Aid
- OPSEC Awareness Month Messaging Champion Communications Packet for Universities/Colleges
OPSEC Posters