Critical Infrastructure Protection Resources
HHS Cybersecurity Task Force Provides New Resources to Help Address Rising Threat of Cyberattacks in Health and Public Health Sector
On April 17, 2023, the U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of the following four new resources to help address cybersecurity concerns in the Healthcare and Public Health (HPH) Sector.
Trainings and General Resources
FEMA Emergency Management Institute: The Emergency Management Institute (EMI) offers self-paced courses designed for people who have emergency management responsibilities and the general public. All are offered free of charge to those who qualify for enrollment.
CISA’s Critical Infrastructure Training: Cybersecurity and Infrastructure Security Agency’s (CISA) Infrastructure Security Division offers a wide array of free training programs to government and private sector partners. These web-based independent study courses, instructor-led courses, and associated training materials provide government officials and critical infrastructure owners and operators with the knowledge and skills needed to implement critical infrastructure security and resilience activities.
TRACIE Topic Collections: A list of collected resources, including additional trainings, guidance, plans, tools, and templates, organized by topic.
National Critical Functions: Information on the Department of Homeland Security Cybersecurity and Infrastructure Security Agency’s National Critical Functions prioritization of critical infrastructure and a more systematic approach to corresponding risk management activity.
Critical Infrastructure Partnership Advisory Council (CIPAC): Information on the Department of Homeland Security’s Critical Infrastructure Partnership Advisory Council (CIPAC), which facilitates interaction between governmental entities and representatives from the community of critical infrastructure owners and operators.
National Infrastructure Protection Plan (NIPP): Outlines how government and private sector participants in the critical infrastructure community work together to manage risks and achieve security and resilience outcomes.
National Defense Authorization Act (NDAA): Outlines the legislative authorities and responsibilities of the Sector Risk Management Agency role.
Cybersecurity
Health Care and Public Health Sector Cybersecurity Framework Implementation Guide: The Health Care and Public Health Sector Cybersecurity Framework Implementation Guide was developed to help organizations establish a strong cybersecurity program or validate the effectiveness of an existing program. The guide enables organizations to map their existing program to the NIST Cybersecurity Framework, identify improvements, and communicate results. This guide was developed to incorporate and align with processes and tools the organization is already using or plans to use.
Cybersecurity Act of 2015, Section 405(d): The CSA 405(d) Task Group enhances cybersecurity and aligns industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity.
Knowledge on Demand: This new online educational platform offers free cybersecurity trainings for health and public health organizations to improve cybersecurity awareness.
Health Industry Cybersecurity Practices (HICP) 2023 Edition: The HICP 2023 Edition is a foundational publication that aims to raise awareness of cybersecurity risks, provide best practices, and help the HPH Sector set standards in mitigating the most pertinent cybersecurity threats to the sector.
Hospital Cyber Resiliency Initiative Landscape Analysis - PDF: This report focuses on domestic hospitals’ current state of cybersecurity preparedness, including a review of participating hospitals benchmarked against standard cybersecurity guidelines such as HICP 2023 and the National Institute of Standards and Technology Cybersecurity Framework.
Health Sector Cybersecurity Coordination Center (HC3): The Health Sector Cybersecurity Coordination Center (HC3) was created by the Department of Health and Human Services to aid in the protection of vital, healthcare-related controlled information and ensure that cybersecurity information sharing is coordinated across the HPH Sector.
Management Checklist for COVID-19 Teleworking Surge: This checklist is designed as a quick reference for healthcare enterprise management to consider important factors in a teleworking strategy that minimizes downtime and latency while supporting patient care, operational and IT security, and supply chain resilience.
Health Industry Cybersecurity Information Sharing Best Practices: Provides HPH Sector organizations interested in information sharing with a set of guidelines and best practices for efficient and effective information sharing.
Health Industry Cybersecurity Protection of Innovation Capital: A resource for security and risk practitioners at any stage of their information protection program’s maturity, with a particular focus on Innovation Capital (IC) protection.
Health Industry Cybersecurity Tactical Crisis Response Guide: This document is constructed by industry and government experts to help guide response activities.
Health Industry Cybersecurity Supply Chain Risk Management Guide: The Joint Supply Chain Cybersecurity Task Group developed this supply chain cybersecurity risk management guide to provide structure and aid as a tool targeted at smaller to mid-sized health organizations.
Plan: Version 2 of the National Cybersecurity Strategy Implementation Plan outlines actions the Federal Government is taking to improve U.S. national cybersecurity posture. This updated roadmap describes 100 high-impact Federal initiatives, each intended to substantively increase our collective digital security and systemic resilience.
Fact Sheet: Biden-Harris Administration Releases Version 2 of the National Cybersecurity Strategy Implementation Plan
Physical Security
Action Guide for Hospitals & Healthcare Facilities - Security Awareness for Soft Targets and Crowded Places: This action guide from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) offers guidance, mitigation strategies, and protective measures for hospitals and healthcare facilities against active shooters.
Security and Resiliency Guide - Counter-Improvised Explosive Device (C-IED) Annex for Healthcare and Public Health Facility Stakeholders: This guide from CISA defines actions that management and healthcare facility staff can take to understand and improve their ability to perform counter-IED (C-IED) activities and make security decisions.
Supply Chain
Report on Executive Order 14017: On June 8, 2021, the Biden Administration issued a report making a series of policy recommendations to address the vulnerabilities in U.S. pharmaceutical supply chains, in response to the charges put forth in Executive Order 14017, Building Resilient Supply Chains, Revitalizing American Manufacturing, and Fostering Broad-Based Growth.
FDA Drug Shortages: FDA works closely with manufacturers of drugs in short supply to communicate the issue and help restore availability. FDA also works with other firms that manufacture the same drug, asking them to increase production, if possible, in order to prevent or reduce the impact of a shortage. This site provides information on current and past drug shortages as well as manuals and related resources to help prevent and manage shortages.
American Society of Health-System Pharmacists Drug Shortages: Provides additional information on drug shortages and management.
ASPR TRACIE’s Partnering with the Healthcare Supply Chain Resource: Provides emergency planning and response considerations for healthcare supply chain owners, operators, and end users.