Cybersecurity Awareness for Industry & Academia
eLearning Courses
- Cyber Security Awareness, CS130.16
This 30-minute course provides a working knowledge of cyber intrusion methods and cybersecurity countermeasures to assist employees in preventing cyber attacks and protecting their systems and information.
Job Aids
- Cyber Essentials Guide
This guide developed by CISA is for leaders of small businesses as well as leaders of small and local government agencies to enable them to develop an actionable understanding of where to start implementing organizational cybersecurity practices. - Mobile Device Safety
This job aid from the Office of the Director of National Intelligence (ODNI) provides basic tips for mobile device safety in the current environment. - Spearfishing and Common Cyber Attacks
This job aid from the Office of the Director of National Intelligence provides information about spearfishing and current cyber attack methods. - Top 10 Routinely Exploited Vulnerabilities
This job aid provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)—to help organizations reduce the risk of these foreign threats. - CISA Regional Offices
This job aid provides a map with CISA Regional Office contact information.
Reports
- NIST Framework for Improving Critical Infrastructure Cybersecurity
Executive Order 13636 directed NIST to work with stakeholders to develop a voluntary framework - based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. Created through collaboration between industry and government, the voluntary framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the framework helps owners and operators of critical infrastructure to manage cybersecurity-related risk.
Toolkits
- Cyber Essentials Toolkit
The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Each chapter focuses on recommended actions to build cyber readiness into the interrelated aspects of an organizational culture of cyber readiness. - NSA Cybersecurity Advisories and Technical Guidance
This site provides advisories and mitigations on evolving cybersecurity threats. Some resources on this site have access requirements. - OnGuardOnline
This Federal Trade Commission website contains general information and tips to protect information and devices online. - NCSC Awareness Materials
The materials in this toolkit will enable personnel to better understand existing threats to and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access.
Watch & Learn
- NCSC Cyber Training Series
This is a series of three courses designed for professionals new to the cyber realm. It introduces users to the computer'scomponent layers and associated functions, virtualization concepts, and security methods. - Protect Your Computer from Malware
Malware is short for “malicious software." It includes viruses and spyware that get installed on your computer or mobiledevice without your consent. Learn more about how to avoid, detect, and get rid of malware.
Webinars
- Creating a Workplace Culture of Cybersecurity
This CDSE webcast is designed for those with responsibility for ensuring a secure cybersecurity environment in theworkplace and will give practical tips for how to develop a culture that promotes good cybersecurity practices.
National Cybersecurity Policy for Industry & Academia
Policy
- NIST Special Publications Library (800 Series)
- NIST SP 800-146 Cloud Computing Synopsis and Recommendations
- Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (OMB Memo)
- Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Social Media Considerations for Industry & Academia
Job Aids
- Social Media Safety
This job aid from ODNI provides best practices for navigating social media safely. - Social Media: Leveraging Value while Mitigating Risk
The slides from a presentation by David Etue, Vice President of Corporate Development Strategy at SafeNet, discuss theimportance, impact and risk of social media in protection health information, and discuss some best practices in mitigation ofthose risks. - Facebook Smartcard (Configuration Guide)
This is a quick configuration guide for Facebook. - Facebook Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their Facebook profile to mitigatetheir risk. - LinkedIn Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their LinkedIn profile to mitigatetheir risk. - Twitter Smartcard (Configuration Guide)
This is a quick configuration guide for Twitter. - Twitter Smartcard (Trifold)
This trifold brochure is an easy way to provide employees with the basics of configuring their Twitter account to mitigatetheir risk.
Reports
- Internet Social Networking Risks
This ODNI report provides definitions of terms associated with internet and social networking risks and provides practicaltips and best practices for mitigating the risk.
Watch & Learn
- Social Media Video Lesson
This video lesson explores the risks associated with social media and why you should be concerned.
Safeguarding Science
Safeguarding Science
An Outreach Initiative for Protecting Research and Innovation
in Emerging Technologies
An informed, empowered scientific community is best positioned to assess emerging technologies and their applications and to design measures to guard against the potential misuse or theft of these technologies. The National Counterintelligence and Security Center (NCSC) has partnered with multiple federal agencies to develop an outreach initiative, “Safeguarding Science,” designed to raise awareness of the spectrum of risk in emerging technologies and to help stakeholders in these fields to develop their own methods to protect research and innovation. The initiative focuses on emerging technology sectors where the stakes are potentially greatest for U.S. economic and national security, including the following:
Please click the above images for additional information.
SAFEGUARDING SCIENCE GOALS
- Promote a U.S. research ecosystem that emphasizes collaboration, openness, equity, integrity, and security, all of which facilitate innovation
- Provide curated resources for our stakeholders to support best practices in protecting research and innovation
- Supplement existing ethics training with security education to provide case studies relating to misuse and exploitation of research
- Provide inclusive educational opportunities for domestic / international students and faculty that are germane to the fields of research and development
- Assist academia and industry in developing their own methods to protect research from theft, misuse, abuse, or exploitation.
- Highlight shared responsibility of scientific community and U.S. government to protect research and innovation in emerging technologies
- Develop a culture of security awareness to supplement existing compliance measures, fostering scientific citizenship
- Evolve from a “do no harm” mentality to an explicit “not on my watch” mentality
- Foster information exchanges to better identify emerging technology security challenges
- Establish liaison contacts between scientific community and the U.S. government
- Facilitate tripwire/suspicious activity reporting
SAFEGUARDING SCIENCE TOOLKIT
The resources categorized on the upper left side of the page have been developed with partners at the National Science Foundation (NSF), National Institute for Standards and Technology (NIST), the Department of Health and Human Services (HHS), the Federal Aviation Administration (FAA), the Department of Defense (DOD), and other federal agencies.
The toolkit provides partners with a range of resources to choose from to help them better protect their research and innovation. The resources include training, best practices, videos, awareness materials, policy references, and other materials from across the U.S. government, as well as from academia (including training for research institutions made by research institutions). The toolkit will remain a dynamic resource that is maintained and updated. Select a category to start accessing resources. Links to any non-Governmental information are provided for reference and awareness, and not as directions or NCSC recommendations.
As mandated by Congress, a core NCSC mission is to conduct counterintelligence (CI) outreach to the U.S. private sector, academic and research communities, as well as other external stakeholders to arm them with information about foreign intelligence threats to their organizations and ways to mitigate risk.
The official website for the Office of the Inspector General of the Intelligence Community (IC IG) Hotline provides a confidential means for Intelligence Community employees, detailees, contractors, and the public to report information concerning suspected fraud, waste, abuse, or mismanagement of programs and activities within the responsibility and authority of the Director of National Intelligence.
What to report to the IC IG HotlineReport to the Hotline if your allegation potentially involves:
The IC IG Hotline Program also processes:
|
What not to reportIf you have an emergency, call 911 directly
|
Report suspected fraud, waste, abuse, or mismanagement of programs and activities within the responsibility and authority of the Director of National Intelligence.
- Step 1: Download the Hotline Complaint Form, using *Microsoft Edge*
- Step 2: Fill out the form
- Step 3: Email the completed form to: This email address is being protected from spambots. You need JavaScript enabled to view it.
IC employees and contractors may disclose matters of “urgent concern” to the congressional intelligence committees under the Intelligence Community Whistleblower Protection Act (ICWPA) 50 U.S.C. § 3033(k)(5).
- Step 1: Download the ICWPA Form, using *Microsoft Edge*
- Step 2: Fill out the form
- Step 3: Email the completed form to: This email address is being protected from spambots. You need JavaScript enabled to view it.
After exhausting your agency’s or department's review process and receiving the final written decision on your reprisal allegations, request the IC IG review allegations of reprisal under PPD-19, Protecting Whistleblowers with Access to Classified Information,
50 U.S.C. §§ 3234, and 3341(j).
- Step 1: Download the ERP Form, using *Microsoft Edge*
- Step 2: Fill out the form
- Step 3: Email the completed form to: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone Open:
855-731-3260 |
Open: This email address is being protected from spambots. You need JavaScript enabled to view it.
|
Office of the IC IG
Reston 3
Washington, DC 20511
|
Fax Open:
571-204-8088 |
Reprisal against an employee for making a complaint or disclosing information to the IC IG is prohibited. If you believe you have been subjected to reprisal due to a complaint or disclosure, contact the IC IG. Protection from reprisal does not extend to an employee who makes a complaint or discloses information with knowledge that the complaint or information is false or with willful disregard for its truth or falsity.
Matters for which regulations prescribe a different avenue for redress.
- If you are a current Office of the Director of National Intelligence (ODNI) employee, detailee, contractor, or applicant, and wish to file a complaint related to discrimination on the basis of race, color, religion, sex, national origin, age, disability, genetic information, or retaliation, contact the Intelligence Community Equal Employment Opportunity and Diversity Office (IC EEOD). Please contact the IC EEOD Hotline at (301) 243-0704
- If you are a current ODNI employee, detailee, or contractor, and need assistance to proactively resolve grievances and conflicts outside the formal grievance structure and without fear of reprisal, please contact the ODNI OMBUDSMAN at This email address is being protected from spambots. You need JavaScript enabled to view it. or call at 703-275-1240
- If you are a current Office of the Director of National Intelligence employee, detailee, or contractor, and wish to report security and counterintelligence incidents and/or concerns to include potential insider threat issues, please call the ODNI Security and Counterintelligence and Insider Threat office directly at (571) 280-5400
- For possible violations of civil liberties, privacy, and transparency in the administration of ODNI programs and operations, please refer to The Office of Civil Liberties, Privacy and Transparency website
- For more Oversight information, visit the ODNI Home page
Operations Security
NCSC executes the roles and responsibilities of the National Operations Security (OPSEC) Program Office, as described in National Security Presidential Memorandum 28 (NSPM-28) and supports department and agency implementation of OPSEC programs. NCSC/ETD provides additional guidance, works with all Executive Branch departments and agencies to develop their programs, and provides program development, training, and awareness materials.
As set forth in NSPM-28, the National Operations Security Program (NOP) supports the establishment, implementation, and standardization of stakeholder OPSEC programs across the Executive Branch of the U.S. Government (USG) and, as appropriate, beyond to trusted partners.
NSPM-28 requires all Executive Branch departments and agencies to implement OPSEC capabilities that identify and protect their most critical assets, identify and mitigate vulnerabilities, consider foreign adversarial threats in their organization’s risk management activities, and apply sufficient threat mitigation practices to counter the threat. NOP requirements are set forth in NSPM-28.
National OPSEC Awareness Month
NEW! National OPSEC Awareness Month Changed to May, starting 2025!
January 2024 —
Enterprise Risk Mitigation
October 2023 —
OPSEC Bulletins
May 2024 —
- Enterprise Threat Bulletin – Bystander Engagement
- Enterprise Threat Bulletin – Cloud Computing: Risk Considerations
April 2024 —
March 2023 —
NOP Authorities & Policies
- NSPM – 28 Requirements
Please Note: National Security Presidential Memorandum (NSPM) 28 is Unclassified but not approved for public release and therefore cannot be posted on this website. Stakeholders within the US government may reach out to This email address is being protected from spambots. You need JavaScript enabled to view it. to obtain a copy.
- NCSC Memo – National Security Operations Security
OPSEC Training
- Registrar: This email address is being protected from spambots. You need JavaScript enabled to view it.
- 2026 OPSEC Training Schedule
- 2025 OPSEC Training Schedule
- 2024 OPSEC Training Schedule
- OPSEC for All
OPSEC Resources & Templates
- Critical Information List (CIL) Example
- OPSEC Analysis Resources
- OPSEC for Publicly Facing Websites Checklist
- OPSEC Program Manager Appointment Letter Sample
- OPSEC Program Continuity Book (Table of Contents) Example
- OPSEC Program Plan Template 1
- OPSEC Program Plan Template 2
- OPSEC Program Plan Template 3
- OPSEC Program Policy Checklist
- OPSEC Program Policy Template
- OPSEC Program Self-Evaluation Checklist
- OPSEC Working Group Appointment Letter Template
- OPSEC Working Group Charter Template
- NCSC Memo on National Operations Security Program
- OPSEC Training Standards NOP PMO ADVISORY
- NSPM 28 List Of Requirements Appendix A
- OPSEC Awareness Month Messaging Champion Communications Packet for Universities/Colleges
OPSEC Posters
Chief Information Officer
IC Technical Specifications
Intelligence Discipline
Overview
This CVE Encoding Specification for Intelligence Discipline (INTDIS.CES) defines detailed implementation guidance for using Extensible Markup Language (XML) to encode Intelligence Discipline (INTDIS) controlled vocabulary. The INTDIS.XML vocabulary defines values that are valid intelligence discipline. The CVE Encoding Specification (CES) defines the XML elements and attributes, associated structures and relationships, mandatory and cardinality requirements, and permissible values for representing data concepts for using XML.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Entity Specification Tiger Team (ESTT).
Technical Specification Downloads
Latest Approved Public Release:
Mission Requirements
This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives 203, 206, 208, 501, and 710, among others. This specification is designed to support the Intelligence Community Information Technology Enterprise (IC ITE) Increment 1 Implementation Plan.
This specification provides a common, consistent way to encode Intelligence Discipline controlled vocabulary.