Critical Infrastructure Cyber Community C³ Voluntary Program

The United States depends on critical infrastructure every day to provide energy, water, transportation, financial services, and other capabilities that support our needs and way of life. Over the years, improvements in technology have allowed these capabilities to evolve and run more efficiently. The Critical Infrastructure Cyber Community C³ (pronounced “C Cubed”) Voluntary Program supports owners and operators of critical infrastructure, academia, Federal government, State, Local, Tribal, and Territorial (SLTT) governments, and business in their use of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (the Framework), an industry-developed voluntary framework to help organizations address and  improve their cybersecurity risk management. The C³ Voluntary Program website marks the first time that DHS has converged all of its available resources that support cyber risk and resilience for Federal and SLTT governments, academia, and business.

The C³ Voluntary Program’s launch in February 2014 coincides with the release of the final Framework. The C³ Voluntary Program’s focus during the first year will be engagement with Sector-Specific Agencies (SSAs) and organizations using the Framework to develop guidance on how to implement the Framework. Later phases of the C³ Voluntary Program will broaden the program’s reach to all critical infrastructure and businesses of all sizes that are interested in using the Framework.

C³ Voluntary Program Activities

The C³ Voluntary Program focuses on three major activities:

Supporting Use

The C³ Voluntary Program will assist stakeholders with understanding use of the Framework and other cyber risk management efforts, and support development of general and sector-specific guidance for Framework implementation. The C³ Voluntary Program will also work with the 16 critical infrastructure sectors to develop sector-specific guidance, as needed, for using the Framework.

Outreach and Communications

The C³ Voluntary Program will serve as a point of contact and customer relationship manager to assist organizations with Framework use, and guide interested organizations and sectors to DHS and other public and private sector resources to support use of the Cybersecurity Framework.

Feedback

The C³ Voluntary Program encourages feedback from stakeholder organizations about their experience using C³ Voluntary Program resources to implement the Framework. The C³ Voluntary Program works with organizations to understand how they are using the Framework, and to receive feedback on how the Framework and the C³ Voluntary Program can be improved to better serve organizations. Feedback about the Framework will also be shared with NIST, to help guide the development of the next version of the Framework and similar efforts.

C³ Voluntary Program Engagement Channels

The C³ Voluntary Program and organizations can interact through the following engagement channels:

• Regionally located DHS personnel from the Cyber Security Advisor (CSA) and Protective Security Advisor (PSA) programs. These personnel interact directly with organizations in their regions about cybersecurity and critical infrastructure protection.
• The Critical Infrastructure Partnership Advisory Council (CIPAC) Framework, a partnership between government and critical infrastructure sector owners and operators that enables a broad spectrum of activities to support and coordinate on critical infrastructure protection.
• Direct engagement between the C³ Voluntary Program and interested organizations. Organizations may access the C³ Voluntary Program website or contact the C³ Voluntary Program at ccubedvp@hq.dhs.gov.
• Requests for Information (RFI), which create opportunities for the general public to provide input on cybersecurity solutions and policies.

Access program resources at the C³ Voluntary Program US-CERT Gateway.