FYSA -- these guides were developed for federal agencies -- but you may find
them useful.
The Cybersecurity and Infrastructure Security Agency (CISA) is announcing the
issuance of three Capacity Enhancement Guides for the federal civilian
executive branch agencies: Implementing Strong Authentication, Securing Web
Browsers and Defending Against Malvertising, and Counter-Phishing Guidance.
Capacity Enhancement Guides support CISA's role as the Nation's cybersecurity
risk advisor by sharing high priority recommendations, best practices, and
operational insights in response to systemic threats, vulnerabilities, and
risks. While these guides are specifically directed at federal agencies, they
contain best practices that can be applied more broadly across state, local,
tribal, and territorial governments and commercial industry.
The Implementing Strong Authentication Capacity Enhancement Guide lays out the
concept of authentication, recommends related security enhancements, and
provides guidance to help plan and implement a strong authentication solution.
Weak authentication is a common vulnerability for information systems -- it is
consistently one of CISA's top five findings for Federal High Value Asset
systems. Implementing strong authentication methods across an organization can
dramatically improve resilience against common cybersecurity threats.
The Securing Web Browsers and Defending Against Malvertising Capacity
Enhancement Guide advises federal agencies on the threat posed by malicious
advertisements (malvertising) and recommends actions to protect web browsers
from malvertising threats.
The Counter-Phishing Guidance Capacity Enhancement Guide recommends technical
capabilities to protect email systems and networks against malicious phishing
emails.
Copies of the guides are posted at Capacity Enhancement Guides for Federal
Agencies | CISA
<https://www.cisa.gov/publication/capacity-enhancement-guides-federal-agencies>.
Please contact CISA (via email at
central@xxxxxxxxxxxx or by phone at
1-888-282-0870) to report an intrusion or to request either technical
assistance or additional resources for incident response.
Theresa A. Masse
Cyber Security Advisor, Region X (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671 Email:
theresa.masse@xxxxxxxxxxxx