Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

9.3 DHS Resources

Additional Resources

9.3 DHS Resources

National Initiative for Cybersecurity Careers and Studies (NICCS)
NICCS, an official website of CISA, is an online resource for cybersecurity training. The courses in the training catalog are cybersecurity focused and delivered by accredited universities, National Centers of Academic Excellence, federal agencies, and other training providers. Each course is mapped to the National Cybersecurity Workforce Framework, the foundation of the National Initiative for Cybersecurity Education (NICE) effort to standardize the cybersecurity field. (US-CERT. Learn about NICCS.)

Federal Virtual Training Environment (FedVTE)
The FedVTE provides free online cybersecurity training to federal, state, local, tribal, and territorial (SLTT) government employees, federal contractors, US military veterans and the public. Managed by DHS, FedVTE contains more than 800 hours of training on topics such as ethical hacking and surveillance, risk management, and malware analysis. (US-CERT. Federal Virtual Training Environment (FedVTE).)

Training, as referred to in the Future of the Federal IT Workforce Update (CIO Council. Future of the Federal IT Workforce Update. May 2020) report, is a fundamental component of reskilling opportunities within the Federal Government and helps further the goal of enhancing the national cybersecurity posture. By ensuring that all IT workers have cybersecurity training that is broad enough to at least cover the basics of good cyber hygiene, the potential decreases for breaches to occur through phishing attacks or the introduction of malware.

Register for FedVTE training at

FISMA Metrics
Each year, three sets of FISMA metrics are developed and used to evaluate the performance of agency cybersecurity and privacy programs.

  1. FISMA CIO metrics are developed by OMB and DHS in close coordination with members of the CIO and CISO Communities and assess the degree to which agencies have implemented certain cybersecurity-related policies and capabilities. CFO Act agencies report this information on a quarterly basis, and non-CFO Act agencies report this information twice annually. These metrics ensure demonstrable progress from agencies’ in implementing the Administration’s priorities and best practices.
  2. FISMA IG metrics are developed by the CIGIE, in collaboration with OMB and DHS, and are used to provide the independent assessment required under FISMA.
  3. FISMA SAOP metrics are used to assess the maturity of agency privacy programs. Both the FISMA IG and FISMA SAOP metrics are collected on an annual basis and, along with the fourth quarter FISMA CIO metrics, are reported in the Annual FISMA Report. (CIO Council. CISO Handbook Page 25.)

FISMA metrics from the current and previous years can be found at for FISMA documents.

An Official website of the Federal Government

Looking for U.S. government information and services?