The Cybersecurity and Infrastructure Security Agency (CISA) is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future. One way we accomplish this goal is by providing a robust offering of Cybersecurity and Critical Infrastructure Training opportunities.
Cybersecurity Training
Training is essential to preparing the cybersecurity workforce of tomorrow, and for keeping current cybersecurity workers up-to-date on skills and evolving threats. CISA is committed to providing the nation with access to cybersecurity training and workforce development efforts to develop a more resilient and capable cyber nation. Training areas include:
- NICCS Education and Training Catalog
- Formal Education
- Workforce Development
- On-Demand Cybersecurity Training
- Continuous Diagnostics and Mitigation (CDM) Training
- Industrial Control Systems
- Certification Offerings
Visit the Cybersecurity Training & Exercises page, as well as US-CERT's CDM Training and ICS Training pages for more information regarding these training opportunities.
Critical Infrastructure Training
CISA offers a wide array of free training programs to government and private sector partners. These web-based independent study courses, instructor-led courses, and associated training materials provide government officials and critical infrastructure owners and operators with the knowledge and skills needed to implement critical infrastructure security and resilience activities. Training areas include:
- Critical Infrastructure Independent Study Courses,
- Sector-Specific Training,
- Critical Infrastructure Security and Resilience Training Portal,
- Interagency Security Committee Training,
- Counter-Improvised Explosive Device (IED) Training and Awareness,
- Active Shooter Preparedness Workshops,
- Authorized User Training, and
- Other Training Resources.
Visit the Critical Infrastructure Training page for more information regarding these training opportunities.
Critical Infrastructure Learning Series
The Critical Infrastructure Learning Series provides one-hour, web-based seminars conducted by critical infrastructure experts on the tools, trends, issues, and best practices for infrastructure security and resilience.
Series offerings are available at no-cost and are highly recommended for the Department of Homeland Security's private sector and government partners, to include critical infrastructure owners and operators and officials with responsibility for risk, security, and emergency management functions.
Visit the Critical Infrastructure Learning Series page for more information regarding these webinars.
Insider Threat Training and Awareness
Videos and training courses are available to assist organizations prepare for and mitigate insider threats. Visit the Insider Threat Training and Awareness page for more information regarding these courses.
CVI Authorized User Training
CVI is used to protect information developed under the Chemical Facility Anti-Terrorism Standards (CFATS) regulation (6 CFR Part 27) that relates to vulnerabilities of high-risk chemical facilities that manufacture, use, store, or otherwise possess certain explosive, reactive, flammable, or toxic chemicals of interest, to terrorist attacks.
Only CVI Authorized Users with a need to know can have access to CVI.
Note: This training does not make any determination on your need to know the CVI. The holder of the CVI or an appropriate Cybersecurity and Infrastructure Security Agency (CISA) official will make this decision each time a request for access to, or for disclosure of, CVI is made.
CISA will review the information you provide upon completion of this training and, if you are approved as a CVI Authorized User, CISA will notify you with an email providing a unique CVI Authorized User number and certificate to confirm your status.
Visit the CVI Authorized User Training page for more information.
Federal Virtual Training Environment (FedVTE)
The Federal Virtual Training Environment (FedVTE) is a free, online and on-demand cybersecurity training system. With courses ranging from beginner to advanced levels, you can strengthen or build your cybersecurity skillsets – at your own pace and schedule! FedVTE provides cybersecurity training to federal, state, local, tribal, and territorial government employees, federal contractors, U.S. military veterans and the public.
A limited number of courses are publicly available here: https://fedvte.usalearning.gov/public_fedvte.php
Highlights include:
- Certification prep courses – Prepare and train for your next certification with our Certified Ethical Hacker, Cybersecurity Analyst (CySA+), Network +, Security +, Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP) courses.
- Access – FedVTE courses can be completed at your own pace, at any time using your PC, laptop, or other mobile devices (i.e., smartphones, tablets).
- NICE Cybersecurity Workforce Framework – All courses are mapped to the NICE Framework Categories and Specialty Areas to help you identify courses that you need for your job or aspiration.
To register for an account or see the full course catalog, visit fedvte.usalearning.gov. For more information, visit niccs.us-cert.gov/training/federal-virtual-training-environment-fedvte.
Visit the FedVTE page for more information about the courses being offered.
PCII Authorized User Training
To access Protected Critical Infrastructure Information (PCII), you must be a PCII Authorized User. However, access to individual items of PCII will be determined by your need to know that information. The holder of the PCII or an appropriate federal, state, tribal, or local government official will make this decision each time a request for access to or disclosure of PCII is made.
To apply for PCII Authorized User status, you must:
- Be a federal, state, tribal, or local government employee (or contractor);
- Complete training on the proper handling and safeguarding of PCII;
- Have homeland security responsibilities; and
- Sign a non-disclosure agreement (non-Federal employees only).
If you are unsure of your entity's status as belonging to either the public sector (e.g., a government entity) or private sector, please contact the Department of Homeland Security PCII Program at PCII-Assist@hq.dhs.gov.
Government contractors must also modify relevant contracts to comply with requirements of the PCII Program. Contract modification is not a prerequisite to accessing PCII; however, the contractor must contractually acknowledge his or her responsibilities with respect to PCII as soon as practicable. The PCII Officer certifies that contractors are engaged in activities supporting their accredited entity.
Visit the PCII Authorized User Training page for more information.
Security and Awareness Training
Security and Awareness Training (SAT) Federal Shared Service Providers (FSSPs) provide common suites of information systems security training products and services for the federal government. SAT FSSPs provide standardized skills and competencies in order to align with nationally recognized credentials, such as the National Institute of Standards and Technology (NIST) guidance and the National Initiative for Cybersecurity Education (NICE), for government Information System Security (ISS) roles. The FSSPs provide a repository of government sponsored or approved training products and sources that will reach all levels of government executives.
Visit the Security and Awareness Training page for more information about the current offerings.
RBPS 11 Training
Risk-Based Performance Standard (RBPS) 11 – Training is the performance standard that addresses security and response training, exercises, and drills. By performing these properly, a facility prepares its personnel to identify and respond to suspicious behavior, attempts to enter or attack a facility, or other malevolent acts by insiders or intruders.
A strong training program typically includes joint activities involving law enforcement and first responders to help them understand the layout and hazards involved with the facility.
Well-trained personnel who practice how to react will be more effective at detecting and delaying intruders as well as reducing the consequences of an attack.
Visit the RBPS 11 Training page for information available training and resources.