Resource Library

The ISAO Standards Organization is developing the Resource Library as part of our effort to promote robust information sharing and analysis related to cybersecurity risks and incidents.

The Resource Library is a hub of resource links, documents, tools, templates, checklists, and best practices essential for the development of services and capabilities needed to improve effective information sharing and analysis within any community of interest. Whether you’re part of an existing information sharing organization, looking to form one, or simply want to learn more about the subject, we invite you to explore our growing collection of digital resources. The Resource Library will inform and empower your organization with knowledge and tools to improve your cybersecurity posture.

Type of Resource
Show All
Alerts, Notifications, and Reporting
Cybersecurity Professional Associations
Incident Response Support
Publications and Guidelines
Tools
Training and Training Resources
Other Resources
Government Programs and Services
Search
  • Cybersecurity Professional Associations
    (ISC)²
    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security.
  • Training and Training Resources
    (ISC)² Center for Cyber Safety and Education
    The Center for Cyber Safety and Education is the nonprofit, charitable foundation of (ISC)². The Center is the global authority on internet safety education and the leading source of research and information on the international information security ...
  • Publications and Guidelines
    Attack Prevention
    Attack Prevention is an online resource that provides thousands of free network security whitepapers, videos, podcasts, and security tools.
  • Government Programs and Services, Publications and Guidelines
    Business Continuity Plan Resources from Ready.gov
    Templates and guidelines from Ready.gov for businesses to develop their own Business Continuity Plans.
  • Government Programs and Services, Other Resources
    Business Laws from the US Small Business Administration
    A summary of laws and regulations relevant to small businesses provided by the US Small Business Administration.
  • Training and Training Resources
    Carnegie Mellon CSIRT Development and Training (CDT) Team
    Carnegie Mellon Software Engineering Institute’s CSIRT development and training (CDT) team helps organizations to develop, operate and improve incident management capabilities. Organizations can take advantage of the products, training, reports and w...
  • Tools
    Carnegie Mellon Software Engineering Institute (SEI)
    The SEI offers tools and methods for a wide variety of ISAO activities to include cyber risk and resilience management, network situational awareness, vulnerability analysis, among others.
  • Alerts, Notifications, and Reporting, Incident Response Support
    Carnegie Mellon Software Engineering Institute (SEI) Cert Coordination Center
    Addresses risks at the software and system level. Identifies and addresses existing and potential threats, notifies system administrators and other technical personnel of these threats, and coordinates with vendors and incident response teams worldwi...
  • Publications and Guidelines
    Center for Strategic and International Studies (CSIS) Critical Controls for Effective Cyber Defense
    CSIS’ Critical Controls for Effective Cyber Defense, commonly referred to as The 20 Critical Controls, is a consensus document outlining 20 crucial controls that form a prioritized baseline of information security measures that can be applied across ...
  • Publications and Guidelines
    CIO Magazine – 10 Great Cybersecurity News Sources
    This link provides unusual, but helpful, access to the author’s Top Ten Cybersecurity News Sources for anyone to consider as up-to-date information about cybersecurity and breaking news. The article is dated but the additional links to the ten sites ...
  • Publications and Guidelines
    Cyber Defense Magazine
    This link provides timely and important topics on IT security information. Whitepapers, latest news, and upcoming cyber security events. The monthly E-Magazine sign-up is free.
  • Cybersecurity Professional Associations
    Cyber Threat Alliance
    The Cyber Threat Alliance is a group of cyber security practitioners from organizations who have chosen to work together to share threat information to improve defenses against cyber adversaries.
  • Government Programs and Services, Publications and Guidelines
    Department of Justice (DOJ) Best Practices for Victim Response and Reporting of Cyber Incidents
    Any Internet-connected organization can fall prey to a disruptive network intrusion or costly cyber-attack. A quick, effective response can prove critical to minimizing the resulting harm and expediting recovery. The best time to plan such a response...
  • Alerts, Notifications, and Reporting, Government Programs and Services
    DHS Automated Indicator Sharing (AIS)
    The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the Federal Government and the private sector at machine speed. Threat indicators are pieces of info...
  • Government Programs and Services, Other Resources
    DHS Coordinating Councils
    The NIPP established four cross-sector councils that participate in planning efforts regarding the development of national priorities and policy related to the resilience and capacity-building objectives of the NIPP: the Critical Infrastructure Cross...
  • Government Programs and Services, Other Resources
    DHS Critical Infrastructure Cyber Community Voluntary Program (C³)
    Voluntary Program to assist in enhancing critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST’s) Cybersecurity Framework, released in February 2014. The C³ Voluntary Program...
  • Government Programs and Services, Other Resources
    DHS Cyber Information Sharing and Collaboration Program (CISCP)
    The Cyber Information Sharing and Collaboration Program (CISCP) is a no-cost information sharing partnership between enterprises and DHS. It creates shared situational awareness across critical infrastructure communities, enhances cybersecurity colla...
  • Government Programs and Services, Tools
    DHS Cyber Infrastructure Survey Tool (C-IST)
    The Cyber Infrastructure Survey Tool (C-IST) is an assessment of essential cybersecurity practices in place for critical services within critical infrastructure organizations. C-IST is a structured, interview-based assessment focusing on more than 80...
  • Government Programs and Services, Training and Training Resources
    DHS Cyber Security Advisors (CSAs)
    Cyber Security Advisors (CSAs) are regionally located DHS personnel who direct coordination, outreach, and regional support to protect cyber components essential to the sustainability, preparedness, and protection of U.S. critical infrastructure and ...
  • Government Programs and Services, Tools
    DHS Cybersecurity Evaluation Tool (CSET) and On-Site Cybersecurity Consulting
    The Cybersecurity Evaluation Tool (CSET), a self-assessment tool, offers assessments of the security posture of industrial control systems. Features include mapping to control systems standards based on the sector, as well as a network architecture m...
  • Government Programs and Services, Publications and Guidelines
    DHS Cybersecurity Service Offering Reference Aids
    DHS’s National Protection and Programs Directorate (NPPD) has developed a list of freely available reports and resources pertinent to managing the acquisition of cybersecurity services. It is not intended to be exhaustive but covers a wide range of c...
  • Government Programs and Services, Tools
    DHS Cybersecurity Workforce Development Toolkit
    Organizations need to have the right staff in place to protect their information, customers, and networks. They need to find and keep top cybersecurity staff. DHS has a new resource to help organizations get—and keep—the right cybersecurity staff and...
  • Government Programs and Services, Tools
    DHS Enhanced Cybersecurity Services (ECS)
    Enhanced Cybersecurity Services (ECS) is an intrusion prevention and analysis capability that helps U.S.-based companies protect their computer systems against unauthorized access, exploitation, and data exfiltration. ECS works by sharing sensitive a...
  • Government Programs and Services, Training and Training Resources
    DHS Federal Virtual Training Environment (FedVTE)
    Virtual Training Environment (FedVTE) content library contains prerecorded classroom cybersecurity training for Federal Government personnel and contractors, as well as state, local, tribal, and territorial government personnel. FedVTE provides gover...
  • Alerts, Notifications, and Reporting, Government Programs and Services
    DHS Homeland Security Information Network (HSIN)
    The Homeland Security Information Network (HSIN) is the trusted network for homeland security mission operations to share sensitive but unclassified information. Federal, state, local, territorial, tribal, international, and private-sector homeland s...
  • Government Programs and Services, Incident Response Support, Training and Training Resources
    DHS Protective Security Advisors (PSAs)
    Protective Security Advisors (PSAs) are security subject matter experts who engage with SLTT government mission partners and members of the private-sector stakeholder community to protect the Nation’s critical infrastructure. Regional directors overs...
  • Government Programs and Services, Other Resources
    DHS Stop.Think.Connect. Campaign
    Launched in 2010, the Stop.Think.Connect. (STC) campaign was created to empower Americans to reduce cyber risk online by incorporating safe habits into their online routines. The campaign was conceived by a private coalition, the National Cyber 602 S...
  • Government Programs and Services, Publications and Guidelines
    Disaster Recovery Plan Resources from Ready.gov
    Templates and guidelines from Ready.gov for businesses to develop their own Disaster Recovery Plans.
  • Government Programs and Services, Other Resources
    Electronic Communications Privacy Act of 1986
    A summary of the ECPA, which protects the privacy of communications.
  • Other Resources
    Email Monitoring Rules
    A list of laws governing how and when employers can monitor their employees’ electronic communication.
  • Government Programs and Services, Other Resources
    FBI Domestic Security Alliance Council (DSAC)
    Modeled on the U.S. Department of State’s Overseas Security Advisory Council, the Domestic Security Alliance Council (DSAC) was created in October 2005 to strengthen information sharing with the private sector to help prevent, detect, and investigate...
  • Government Programs and Services, Other Resources
    FBI Fusion Centers
    Fusion centers are usually set up by states or major urban areas and run by state or local authorities, often with the support of the FBI. They “fuse” intelligence from participating agencies to create a more comprehensive threat picture, locally and...
  • Alerts, Notifications, and Reporting, Government Programs and Services
    FBI Internet Crime Complaint Center (IC3) Complaint Reporting Form
    Online form for reporting internet fraud such as phishing.
  • Government Programs and Services, Publications and Guidelines
    FBI Internet Crime Complaint Center (IC3) Prevention Tips
    Tips from the FBI for businesses to protect themselves from IT disasters and cyber threats. Information about ransomware, including tips on how to protect against it. Information about business email compromises, including tips on how protect again...
  • Government Programs and Services, Publications and Guidelines
    FCC Communications Security, Reliability and Interoperability Council (CSRIC)
    The mission of the Communications Security, Reliability and Interoperability Council (CSRIC) is to provide recommendations to the Federal Communications Commission (FCC) to ensure optimal security and reliability of communications systems, including ...
  • Government Programs and Services, Publications and Guidelines
    FCC Cybersecurity Planning Guide
    The Cybersecurity Planning Guide is designed to meet the specific needs of a company using the FCC’s customizable Small Biz Cyber Planner tool. The tool is designed for businesses that lack the resources to hire dedicated staff to protect their busin...
  • Government Programs and Services, Publications and Guidelines
    FCC Cybersecurity Tip Sheet
    The FCC has released a Cybersecurity Tip Sheet, which outlines the top 10 ways for entrepreneurs to protect their companies—and customers—from cyber-attack. This streamlined resource features tips on creating a mobile device action plan and on paymen...
  • Government Programs and Services, Tools
    FCC Small Business Cyber Planner 2.0
    Information technology and high-speed Internet service are great enablers of small business success, but with the benefits comes the need to guard against growing cyber threats. In October 2012, the FCC relaunched the Small Biz Cyber Planner 2.0, an ...
  • Government Programs and Services, Tools
    Federal Emergency Management Agency (FEMA) Emergency Planning Exercises
    The Federal Emergency Management Agency (FEMA), Private Sector Division, Office of External Affairs, introduced a series of tabletop exercises in 2010 as a tool to help private-sector organizations advance their continuity, preparedness, and resilien...
  • Government Programs and Services, Tools
    FFIEC Cybersecurity Assessment Tool
    In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool to help institutions identify their risks and determine their cybersecur...
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: CAN-SPAM Act Compliance Guide for Business
    The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have companies stop e-mailing them, and spells out tough penalties for violations.
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Careful Connections: Building Security in the Internet of Things
    The Careful Connections guidance provides advice for businesses about building security into products connected to the Internet of Things, including proper authentication, reasonable security measures, and carefully considered default settings.
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Children’s Online Privacy Protection Rule Six-Step Compliance Plan For Your Business
    This compliance guidance is a step-by-step plan for determining whether a company is covered by the Children’s Online Privacy Protection Act, and it guides companies on how to comply with the rule.
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Complying With the FTC’s Health Breach Notification Rule
    This guidance helps businesses complying with the Federal Trade Commission’s (FTC’s) Health Breach Notification Rule specifically determine whether they are covered by the rule and what they must do if they experience a breach of personal health reco...
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Disposing of Consumer Report Information Rule
    This guidance provides information on how companies can comply with the Disposal Rule, which requires companies to take steps to securely dispose of sensitive information derived from consumer reports once they are finished with it.
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Fighting Identity Theft With the Red Flag Rule Guide For Business
    This guide provides businesses with tips to determine whether they need to design an identity theft prevention program.
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Information Compromise and Risk of Identity Theft Guidance For Your Business
    These days, it is almost impossible to be in business and not have personally identifying information about customers or employees. If this information falls into the wrong hands, it could put them at risk for identity theft. This guidance provides b...
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Mobile Health Apps Interactive Tool
    This interactive tool can help businesses determine which federal rules may apply when they are developing a health app for mobile devices.
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Mobile Health Providers Best Practices
    When developing a health app, sound privacy and security practices are key to consumer confidence. These FTC best practices should help businesses build privacy and security into their apps. These practices also can help companies comply with the FTC...
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Peer-To-Peer File Sharing Guide For Business
    Most businesses collect and store sensitive information about their employees and customers. This guide provides businesses using Peer-to-Peer (P2P) file-sharing software with the security implications of using such software and ways to minimize the ...
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Protecting Personal Information Guide For Business
    This guide provides practical tips for businesses on creating and implementing a plan for safeguarding personal information.
  • Government Programs and Services, Publications and Guidelines
    FTC Tips: Start With Security Guide For Business
    This guide offers 10 practical lessons that businesses can learn from the FTC’s 50-plus data security settlements. Lessons include suggestions like “Start with security,” “Control access to data sensibly,” and “Require secure passwords,” each complet...
  • Government Programs and Services, Publications and Guidelines
    ICS-CERT Control Systems Recommended Practices
    ICS-CERT offers a list of recommended practices aimed at helping industry understand and prepare for ongoing and emerging control systems cybersecurity issues, vulnerabilities, and mitigation strategies. ICS-CERT works with control systems manufactur...
  • Government Programs and Services, Training and Training Resources
    ICS-CERT Control Systems Training
    Systems Cyber Emergency Response Team (ICS-CERT) offers training in industrial control systems security at the overview, intermediate, and advanced levels, including web-based and instructor-led formats.
  • Government Programs and Services, Incident Response Support
    ICS-CERT Cyber Incident Response and Analysis
    The NCCIC Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) offers incident response services to owners of critical infrastructure assets that are experiencing impacts from cyber-attacks. Services include digital media and malware a...
  • Government Programs and Services, Tools
    ICS-CERT Cybersecurity Evaluation Tool (CSET)
    The Cybersecurity Evaluation Tool (CSET), a self-assessment tool, offers assessments of the security posture of industrial control systems.
  • Cybersecurity Professional Associations
    Information Systems Security Association (ISSA)
    ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
  • Publications and Guidelines
    Information Week: Dark Reading
    The Dark Reading site is well known amongst cybersecurity personnel. Along with most helpful items to review Dark Reading also provides the latest on attacks/breaches and vulnerabilities/threats. The Executive Editor, Ms. Higgins, writes up-to-date a...
  • Publications and Guidelines
    Infosecurity Magazine
    This magazine provides informative cybersecurity information under headings such as Topics, News, Webinars, and Whitepapers. Subscription is free.
  • Other Resources
    InfraGard
    InfraGard is a partnership between the FBI and the private sector. It is an association of people who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and i...
  • Training and Training Resources
    International Council of Electronic Commerce Consultants (EC-Council)
    Provides information about the EC Council programs including Certified Ethical Hacker, Security Analyst, Advanced Network Defense and a host of other relevant cyber-security programs. The EC Council is a recognized authority around the globe.
  • Publications and Guidelines
    International Telecommunications Union — Telecommunications (ITU-T) Standarization
    The International Telecommunication Union is a specialized agency of the United Nations responsible for issues that concern information and communication technologies. The Study Groups of ITU’s Telecommunication Standardization Sector assembles globa...
  • Cybersecurity Professional Associations
    ISACA
    As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control...
  • Government Programs and Services, Publications and Guidelines
    IT Preparedness Tips from the DHS and FEMA for Business on Ready.gov
    Tips from the DHS and FEMA for businesses to protect themselves from IT disasters and cyber threats.
  • Training and Training Resources
    Microsoft Brochure Templates
    Templates for awareness brochures, newsletters, posters, and more.
  • Publications and Guidelines
    MITRE Publications
    MITRE has publications regarding many aspects of cybersecurity and provide tactics, techniques, and procedures to assist ISAOs.
  • Other Resources
    Multi-State Information Sharing and Analysis Center (MS-ISAC)
    Grant-funded by DHS, the Multi-State Information Sharing and Analysis Center (MS-ISAC) exists to improve the overall cybersecurity posture of state, local, tribal, and territorial governments and is designated as the key resource for cyber threat pre...
  • Government Programs and Services, Publications and Guidelines
    National Checklist Program (NCP)
    The National Checklist Program (NCP) is the US government repository of publicly available security checklists (or benchmarks) that provide details low level guidance on setting the security configuration of operating systems and applications.
  • Alerts, Notifications, and Reporting
    National Cyber Awareness System (NCAS)
    The National Cyber Awareness System produces advisories, alert and situation reports, analysis reports, current activity updates, daily summaries, indicator bulletins, periodic newsletters, recommended practices, a Weekly Analytic Synopsis Product (W...
  • Government Programs and Services, Training and Training Resources
    National Cyber Exercise and Planning Program Exercise Team
    The NCCIC’s National Cyber Exercise and Planning Program (NCEPP) provides cyber exercise and cyber incident response planning support to all DHS stakeholders. NCEPP delivers a full spectrum of cyber exercise planning workshops and seminars, and condu...
  • Training and Training Resources
    National Cyber Security Alliance (NCSA) Online Safety Tips
    Tips for businesses to protect themselves from cyber threats while using the internet.
  • Government Programs and Services, Other Resources
    National Cyber Security Awareness Month
    Recognizing the importance of cybersecurity awareness, the Department of Homeland Security leads National Cyber Security Awareness Month (NCSAM) annually in October. The Department is committed to raising cybersecurity awareness across the nation and...
  • Training and Training Resources
    National Cyber-Forensics & Training Alliance
    The National Cyber-Forensics & Training Alliance, located in Pittsburgh, consists of experts from industry, academia, and the FBI who work side by side to share and analyze information on the latest and most significant cyber threats.
  • Government Programs and Services, Incident Response Support
    National Cybersecurity Assessment and Technical Services
    The NCCIC’s National Cybersecurity Assessment and Technical Services (NCATS) offers cybersecurity scanning and testing services that identify vulnerabilities within stakeholder networks and provide risk analysis reports with actionable remediation re...
  • Training and Training Resources
    National Cybersecurity Preparedness Consortium
    To fill the cyber security preparedness training and technical assistance gap and to increase cyber security preparedness throughout the nation five universities have partnered and collaborated to establish the National Cybersecurity Preparedness Con...
  • Government Programs and Services, Other Resources
    National Infrastructure Protection Plan
    The National Infrastructure Protection Plan (NIPP) provides a framework for collaboration between DHS and the private sector and implements Federal Government policy for improving the Nation’s resilience. It lays out the structural model through whic...
  • Government Programs and Services, Other Resources
    National Initiative for Cybersecurity Careers and Studies (NICCS)
    The National Initiative for Cybersecurity Careers and Studies (NICCS) portal is a one-stop shop for cybersecurity careers and studies. It connects the public with information on cybersecurity awareness, degree programs, training, careers, and talent ...
  • Government Programs and Services, Publications and Guidelines
    National Security Cyber Assistance Program (NSCAP)
    The National Security Cyber Assistance Program (NSCAP) explores viable approaches to defend against current cyber threats inherent within the cyber domain.
  • Government Programs and Services, Training and Training Resources
    National Training and Education Division
    The National Training and Education Division (NTED) provides tailored training to enhance the capacity of state and local jurisdictions to prepare for, prevent, deter, respond to, and recover safely and effectively from potential manmade and natural ...
  • Publications and Guidelines
    NICCS National Cybersecurity Workforce Framework
    The National Cybersecurity Workforce Framework is an online resource that classifies the typical duties and skill requirements of cybersecurity workers. It is meant to define professional requirements in cybersecurity, much as in other professions su...
  • Government Programs and Services, Publications and Guidelines
    NIST Framework For Improving Critical Infrastructure Cybersecurity
    Created through collaboration between industry and government, the Framework for Improving Critical Infrastructure Cybersecurity consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, f...
  • Government Programs and Services, Publications and Guidelines
    NIST Interagency Report 7621—Small Business Information Security: The Fundamentals
    Small businesses are a very important part of the economy and a significant part of the critical U.S. economic and cyber infrastructure. Because larger businesses have been strengthening information security with significant resources, technology, pe...
  • Government Programs and Services, Publications and Guidelines
    NIST Special Publication 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
    This document by the National Institute of Standards and Technology (NIST) uses a broad definition of PII in order to identify as many potential PII sources as possible in order to protect this information.
  • Government Programs and Services, Publications and Guidelines
    NIST Special Publication 800-150: Guide To Cyber Threat Information Sharing
    This draft guide provides guidelines for establishing, participating in, and maintaining cyber threat information sharing relationships. The publication describes the benefits and challenges of sharing, the importance of building trust, the handling ...
  • Government Programs and Services, Publications and Guidelines
    NIST Special Publication 800-36: Guide To Selecting Information Technology Security Products
    The selection of information technology security products is an integral part of the design, development, and maintenance of an infrastructure that ensures confidentiality, integrity, and availability of mission-critical information. NIST Special Pub...
  • Tools
    Penetration Testing and Cybersecurity Excercise Tools by Kali
    A Linux package built explicitly for learning about cybersecurity and penetration testing.
  • Other Resources
    Regional Consortium Coordinating Council (RC3)
    RC3 is a consortium composed of regional groups engaged in partnering functions in support of resilience, all-hazards planning and coordination, training, cybersecurity, and other resilience projects and initiatives. RC3 supports its member organizat...
  • Training and Training Resources
    Security Intelligence
    This site provides important webinars on subjects covering a spectrum from data protection technologies to identity governance. Webinar registration is free.
  • Training and Training Resources
    Security Policies by Sans.org
    Templates which businesses can use to develop their own security policies.
  • Tools
    STIX, TAXII, and CYBOX
    The Structured Threat Information Expression (STIX), Trusted Automated Exchange of Indicator Information (TAXII), and Cyber Observable Expression (CYBOX) tools are an open community-driven effort and a set of free, available specifications that help ...
  • Training and Training Resources
    U.S. Security Awareness
    Dedicated to increasing security awareness among the general population and the technology community. Basic Security is aimed at the average person, Advanced Security is aimed at technologists, senior management and legislators involved in security a...
  • Alerts, Notifications, and Reporting, Government Programs and Services
    US-CERT and ICS-CERT National Cyber Awareness System
    Alerts, bulletins, tips, and technical documents are published by ICS-CERT and US-CERT. ICS-CERT and US-CERT also provide response support and defense against cyber attacks for the Federal Civil Executive Branch and facilitate information sharing and...
  • Government Programs and Services, Tools
    US-CERT Cyber Resilience Review (CRR)
    The Cyber Resilience Review (CRR) is a no-cost, voluntary, nontechnical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated...