Topics

This document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that encompass the vast majority of known vulnerabilities. 

This publication provides an overview of the security and privacy challenges pertinent to public cloud computing. While the document is written with Federal agencies in mind, it also highlights considerations all organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.

This report highlights NSA's top ten recommended mitigation strategies that cloud customers should take to improve their security posture. Each strategy has an associated cybersecurity information sheet hyperlinked that describes it in more detail.

The ReConnect Loan and Grant Program furnishes loans and grants to provide funds for the costs of construction, improvement, or acquisition of facilities and equipment needed to provide broadband service in eligible rural areas.

This resource, while aimed at emergency communications practitioners, it can help all communication providers and suppliers familiarize themselves with the impacts of extreme weather on communication systems and improve their response strategies. Some weather events may also produce multiple kinds of extreme conditions, resulting in compounding and concurrent communications concerns.

The Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management product provides a framework that includes a consistent naming methodology for attributes of components, a format for identifying and providing information about the different types of components, and guidance of what HBOM information is appropriate depending on the purpose for which the HBOM will be used. The Appendix's "Mapping to SBOM Formats" includes definitions that include a direct 1:1 mapping to alternative BOM formats such as CycloneDX and SPDX.

Developed by the ICT Supply Chain Risk Management Task Force, the resource guide provides a valuable starting point for Small and Medium-sized Businesses (SMB) to develop and tailor an ICT SCRM plan that meets the needs of their business. The Task Force SMB Resource Guide is a supportive tool that an organization can leverage to establish an actionable SCRM plan that will support the mitigation of risks and disruptions to their supply chains.

(Updated September 20, 2023)

This document is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. This publication was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) to ensure unity of effort in combating the growing threat of ransomware attacks.

This document provides the ever-increasing community of digital businesses a set of Key Practices that any organization can use to manage cybersecurity risks associated with their supply chains. The Key Practices presented in this document can be used to implement a robust C-SCRM function at an organization of any size, scope, and complexity.