This document is intended to provide implementation guidance for federal agencies to meet federal requirements related to encryption DNS traffic and enhance the cybersecurity posture of their IT networks, as set forth in OMB Memorandum M-22-09.1 The Memorandum sets forth a “zero trust” cybersecurity strategy for FCEB agencies.

Choosing secure and verifiable technologies. Customers have the responsibility for evaluating the suitability, security and risks associated with acquiring and operating a digital product or service. However, it is important that customers increasingly demand manufacturers embrace and provide products and services that are secure-by-design and secure-by-default.

This is the second iteration of the NCSIP, building upon the first version released in July 2023.  The NCSIP Version 2 describes 100 high-impact initiatives requiring executive visibility and interagency coordination that the Federal Government is pursuing to achieve the Strategy’s objectives. These initiatives carry over from, add to, and build upon the initiatives described in the first NCSIP, and advance the nation closer toward the Strategic Objectives sought in the National Cybersecurity Strategy.

The guidelines specifically address risks to safety and security, which are uniquely consequential to critical infrastructure. NIST defines “safety” as a property of a system such that it does not, under defined conditions, lead to a state in which human life, health, property, or the environment is endangered; safety involves reducing both the probability of expected harms and the possibility of unexpected harms. Because AI risks to critical infrastructure are highly contextual, critical infrastructure owners and operators who use AI-systems should account for their specific circumstances as they use these guidelines.

This report was prepared pursuant to the Executive Order (E.O.) on the Safe, Secure, and Trustworthy Development and Use of AI (14110), issued October 30, 2023. Priority use cases have been identified in four broad areas where AI can be immediately deployed to improve the grid while achieving the Administration’s goals for reducing emissions and providing affordable and reliable electricity to all Americans: grid planning, permitting and siting, operations and reliability, and resilience.

This report summarizes U.S. Coast Guard Cyber Command’s (CGCYBER) findings from calendar year 2023 and the associated mitigation recommendations. CGCYBER continues to expand its presence and navigate an increasingly interconnected marine environment. As we witness a surge in technological advancements, the organizations that facilitate the exchange of goods face evolving cyber threats, demanding our unwavering attention and concerted action.

This cybersecurity information sheet (CSI) provides recommendations for maturing data security and enforcing access to data at rest and in transit, ensuring that only those with authorization can access the data. It further discusses how these capabilities integrate into a comprehensive Zero Trust (ZT) framework.

This report summarizes the recommendations and observations identified through each exercise. The recommendations are intended to help electric utilities, government partners, the E-ISAC, and other stakeholders prepare for and respond to security incidents that affect the North American electricity system.

The DIB Cybersecurity Strategy ensures that we remain on the cutting edge of what it takes to secure our infrastructure. It requires us foremost to coordinate and collaborate across the Department to identify and close gaps in protecting our DIB networks, supply chains, and other critical resources. In it, we have identified opportunities where we can bolster the cybersecurity of the DIB, align the Department's focus on systemic challenges, and provide solutions that deliver the highest return on investment.