Skip to agency navigation
Skip to main content

Official Website

of the Commonwealth of Pennsylvania

    The .gov means its official.

    Local, state, and federal government websites often end in .gov. Commonwealth of Pennsylvania government websites and email systems use "pennsylvania.gov" or "pa.gov" at the end of the address. Before sharing sensitive or personal information, make sure you're on an official state website. 

    Cybersecurity

    This page contains resources and policies for businesses and agencies to help manage risk and secure critical infrastructure.

    Protecting infrastructure and managing risk

    The national and economic security of the U.S. depends on the reliable functioning of critical infrastructure. Executive Order 13636 directed The National Institute of Standards and Technology (NIST) to develop a plan to protect national assets.

    NIST has released the latest version of the Framework for Improving Critical Infrastructure Cybersecurity.  The framework, a collaboration between industry and government, contains standards, guidelines, and practices to protect critical infrastructure. This flexible, repeatable, cost-effective approach helps owners and operators manage cybersecurity risks.

    The NIST Cybersecurity site offers various resources for businesses and industries.

    PA Office of Administration/Office for Information Technology (OA/OIT) Security Policies

    OA/OIT established policies and procedures for agencies under the Governor’s jurisdiction to:

    • Help standardize activities among the agencies
    • Promote collaboration among the agencies
    • Increase efficiency and lower associated costs.

    For information, please visit the OA/OIT Security Website and Security Policies.

    Continuity Planning

    Every organization should have a robust continuity of operations plan. It ensures ongoing essential functions in case of:

    • Natural disasters
    • Accidents
    • Technological emergencies
    • Terrorist attack-related incidents

    Continuity Planning resources:

    National Information Sharing & Analysis Centers (ISACs)

    ISACs help critical infrastructure owners and operators protect their facilities, personnel and customers against cyber and physical security threats and other hazards. ISACs:

    • Collect, analyze and disseminate actionable threat information
    • Provide members with tools to reduce risks and enhance resiliency
    • Communicate critical information and maintain sector-wide situational awareness

    National Information Sharing & Analysis Centers include:

    • Automotive ISAC
    • Aviation ISAC
    • Communication ISAC
    • Defense Industrial Base ISAC
    • Defense Security Information Exchange
    • Downstream National Gas ISAC
    • Electricity ISAC
    • Emergency Management & Response ISAC
    • Financial Services ISAC
    • Healthcare Ready
    • Information Technology ISAC
    • Maritime ISAC
    • Multi-State ISAC
    • National Health ISAC
    • Oil & Natural Gas ISAC
    • Real Estate ISAC
    • Research & Education ISAC
    • Retail Cyber Intelligence Sharing Center
    • Supply Chain ISAC
    • Surface Transportation, Public Transportation & Over-the-Road ISAC
    • Water ISAC

    Learn about individual ISACs at the National Council of ICACs site.