The following provides resources for cybersecurity best practices, system configuration benchmarks, implementation guides, sample policies and procedures, and cybersecurity training modules.
Benchmarks, Policies & Guides
- Center for Internet Security – Benchmarks This is a summary page for the 140+ configuration guidelines developed by CIS to safeguard systems across various technology groups.
- Center for Internet Security – Controls Organizations around the world rely on the CIS Controls security best practices to improve their cyber defenses. CIS Controls Version 7.1 introduces new guidance to prioritize Controls utilization, known as CIS Implementation Groups (IGs). The IGs are a simple and accessible way to help organizations classify themselves and focus their security resources and expertise while leveraging the value of the CIS Controls.
- Center for Internet Security – Hardened Images CIS Hardened Images are virtual machine emulations preconfigured to provide secure, on-demand, and scalable computing environments in the cloud.
- Center for Internet Security – Telework and Small Office Network Security Guide is meant to assist individuals and organizations in securing commodity routers, modems, and other network devices. Securing these devices is important as there are serious cybersecurity considerations surrounding the usage of network devices.
- Cybersecurity Hub White Papers Cyber Security Hub is devoted to providing enterprise security professionals with the most comprehensive selection of cyber security whitepapers. All members of the website can research topics through its collection of IT security reports.
- Global Cyber Alliance – Cybersecurity Toolkit This website provides free and effective tools you can use today to take immediate action to reduce risk for your business.
- DISA – Security Technical Implementation Guide (STIG) The Security Technical Implementation Guides (STIGs) are the configuration standards for DoD IA and IA-enabled devices/systems. The STIGs contain technical guidance to “lock down” information systems/software that might otherwise be vulnerable to a malicious computer attack.
- DISA – Security Technical Implementation Guide (STIG): Document Library Direct link to the STIGs document library.
- SANS – Policy Templates SANS Security Policy Resource page, a consensus research project of the SANS community. The ultimate goal of the project is to offer everything you need for rapid development and implementation of information security policies.
Training Resources
- Controlled Unclassified Information Security Requirements Workshop provided by NIST On October 18, 2019 the National Institute of Standards and Technology (NIST) hosted an informational workshop providing an overview of Controlled Unclassified Information (CUI), the Defense Acquisition Regulations System (DFARS) Safeguarding Covered Defense Information and Cyber Incident Reporting Clause, and NIST Special Publications 800-171 and 800-171A.
- DoD Cyber Exchange Training Collection of cyber training courses and training aids provided by the DoD Cyber Exchange. It provides an overview of cybersecurity threats and best practices to keep information and information systems secure.
- KnowBe4 – Security and Awareness Training KnowBe4 is a large security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.
- SBA – Introduction to Cybersecurity SBA resource that provides an introduction to cybersecurity for small business.
- U.S. Department of Health & Human Services Security Awareness and Training This resource provides general awareness and role-based information security training documents.