The IT Law Wiki


The Office of Cybersecurity and Communications (CS&C), a component of the National Protection and Programs Directorate within Department of Homeland Security, has the mission of assuring the security, resiliency, and reliability of the nation's cyber and communications infrastructure.

CS&C is responsible for developing and collecting FISMA metrics, in conjunction with the Office of Management and Budget, that are submitted either annually or quarterly by the Office of the Chief Information Officer (OCIO) and Office of Inspector General (OIG) at each agency. In addition, Federal agencies are required to provide monthly information security and vulnerability data feeds through a web-based application, CyberScope, allowing for improved risk-management decisions and increased situational awareness.

CS&C actively engages the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm these strategic assets.


CS&C works to prevent or minimize disruptions to U.S. critical information infrastructure in order to protect the public, economy, government services, and the overall security of the United States. It does this by supporting a series of continuous efforts designed to further safeguard federal government systems by reducing potential vulnerabilities, protecting against cyber intrusions, and anticipating future threats.

CS&C analyzes information that is specific to identifying known or suspected cyber threats from a number of sources in the form of "indicators" (e.g., Internet Protocol (IP) addresses, domains, e-mail headers, files, and strings). These "indicators" can be used to create intrusion detection signatures or other means of detecting and mitigating cyber threats.

Sources for the collection of these indicators include: cybersecurity analysis activities conducted by DHS; domestic and international private sector organizations; and international, federal, or state agencies with a vested interest in promoting cybersecurity. Indicators about known or suspected cyber threats may also be collected from information gathered by the EINSTEIN sensors placed on Federal civilian Executive Branch agency network collection points.

CS&C carries out its mission through its five divisions:

In addition, CS&C operates the Enterprise Performance Management Office, which ensures that the Assistant Secretary's strategic goals and priorities are reflected across all CS&C programs; measures the effectiveness of initiatives, programs, and projects that support those goals and priorities; and facilitates cross-functional mission coordination and implementation between CS&C components, within DHS, and among the interagency.

As the Sector-Specific Agency for the Communications and Information Technology (IT) sectors, CS&C coordinates national level reporting that is consistent with the National Response Framework (NRF).

The CS&C: