Tip Sheets & Toolkit

Every business faces cybersecurity challenges, no matter the industry or size.

Employees empowered with the resources and knowledge to protect your organization from cyberthreats is one of the best lines of defense you can have.  Share this list to debunk commonly quoted cybersecurity misconceptions:

Businesses are quickly deploying all kinds of technology. Different kinds of technologies come with different risks and strategies to protect them. 
The Global Cyber Alliance (GCA) has built a toolkit for small to medium-sized businesses to enable business owners to significantly reduce the cyber risks they face every day. Use the GCA Cybersecurity Toolkit to assess your security posture, implement free tools, find practical tips, and use free resources and guides to improve your company’s cybersecurity readiness and response:


The Handbook is intended to be a guide to assist U.S. manufacturers who supply products within supply chains for the DOD and who must ensure adequate security by implementing NIST SP 800-171 as part of the process for ensuring compliance with DFARS clause 252.204-7012, “Safeguarding Covered Defense information and Cyber Incident Reporting,” available at

Visit one of the links at StaySafeOnline to check your devices for known viruses and spyware and see if your device is vulnerable to cyber attacks:

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) works with experts from industry, government, and academia to address businesses’ most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies.

The U.S. Computer Emergency Readiness Team out of the Department of Homeland Security (DHS) has several resources available to businesses aligned to the five Cybersecurity Framework Function Areas: Identify; Protect; Detect; Respond; and Recover.

Some resources and programs align to more than one Function Area. These are updated as additional resources — from DHS, other Federal agencies, and the private sector — are identified:

The U.S. Department of Defense Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The Department is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain.

OUSD(A&S) is working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDC), and industry to develop the Cybersecurity Maturity Model Certification (CMMC).