Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society

CISA, in partnership with the following organizations, co-authored this joint guide:

• U.S. Department of Homeland Security (DHS)
• U.S. Federal Bureau of Investigation (FBI)
• United Kingdom National Cyber Security Centre (NCSC-UK)
• Canadian Centre for Cyber Security (CCCS)
• Estonian National Cyber Security Centre (NCSC-EE)
• National Center of Incident Readiness and Strategy for Cybersecurity (NISC) Japan, National Police Agency (NPA) Japan, Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
• National Cyber Security Centre – Finland (NCSC-FI)

The joint guidance, Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society, provides civil society organizations and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages software manufactures to actively implement and publicly commit to Secure by Design practices that are necessary to help protect vulnerable and high-risk communities. 

Civil society, comprised of organizations and individuals such as– nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities involved in defending human rights and advancing democracy–are considered high-risk communities. Often these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests.  

CISA and partners encourage civil society organizations and software manufacturers to review and implement the mitigations and practices in the joint guide to mitigate the threat posed by malicious cyber actors to civil society organizations. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. For more on protecting civil society, visit CISA’s Cybersecurity Resources for High-Risk Communities webpage.