CISA Capacity Enhancement Guides for Strong Authentication, Secure Web Browsers/Malvertising, and Phishing

The Cybersecurity and Infrastructure Security Agency (CISA) is announcing the issuance of three “Capacity Enhancement Guides.” While these guides are specifically directed at federal agencies, they contain best practices that can be applied more broadly across state, local, tribal, and territorial governments and the private sector. Access the guides at CISA.

The guides include:

• The Implementing Strong Authentication Capacity Enhancement Guide lays out the concept of authentication, recommends related security enhancements, and provides guidance to help plan and implement a strong authentication solution. Weak authentication is a common vulnerability for information systems – it is consistently one of CISA’s top five findings for Federal High Value Asset systems. Implementing strong authentication methods across an organization can dramatically improve resilience against common cybersecurity threats.
• The Securing Web Browsers and Defending Against Malvertising Capacity Enhancement Guide advises federal agencies on the threat posed by malicious advertisements (malvertising) and recommends actions to protect web browsers from malvertising threats.
• The Counter-Phishing Guidance Capacity Enhancement Guide recommends technical capabilities to protect email systems and networks against malicious phishing emails.