CISA Vulnerability Assessments

The Homeland Security Presidential Directive-7 (HSPD-7) (2003), Presidential Policy Directive-21 (PPD-21) (2013) and the National Infrastructure Protection Plan (NIPP) (2013) highlight the need for a centrally managed repository of infrastructure attributes capable of assessing risks and facilitating data sharing. To support this mission need, the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD) Office of Infrastructure Protection (IP) is developing the IP Gateway. The IP Gateway contains several capabilities which support the homeland security mission in the area of critical infrastructure (CI) protection. The IP Gateway allows Protective Security Advisors (PSAs) and Cyber Security Advisors (CSAs) to conduct voluntary surveys on CI facilities. These surveys are web-based and are used to collect a facility’s basic, high-level information, and its dependencies. This data is then used to determine a Protective Measures Index (PMI) and a Resilience Measures Index (RMI) for the surveyed facility. This information allows a facility to see how it compares to other facilities within the same sector as well as allows them to see how adjusting certain aspects would change their score. This allows the facility to then determine where best to allocate funding and perform other high level decision making processes pertaining to the security and resiliency of the facility.

The latest form for CISA Vulnerability Assessments expires 2021-01-31 and can be found here.