Chiefs' Corner

US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.

Assessments: Cyber Resilience Review (CRR)

The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals.

The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.

Please click on the following links for more information:

PDF File Icon
Self-Assessment Package
Self-assessment form and report generator.
PDF File Icon
Method Description & User Guide
Walk-through for how an organization can conduct a CRR self-assessment.
PDF File Icon
Question Set with Guidance
Self-assessment question set along with accompanying guidance.
PDF File Icon
CRR NIST Framework Crosswalk
Cross-reference chart for how the NIST Cybersecurity Framework aligns to the CRR.
PDF File Icon
Information Sheet
Summary of the CRR process.


For more information from US-CERT, please click here

See our Chief’s Corner for more information by Chiefs, for Chiefs.

Directory of Cybercrime Labs and Resources

Search for regional crime labs and other resources to help with cybercrime investigations and assistance.

What's New?

BJA and PERF Release The Utah Model: A Path Forward for Investigating and Building Resilience to Cyber Crime

As new internet-based technologies are introduced, cybercrime is growing exponentially, both in the proliferation of crimes and the associated impact on victims concerning financial loss, invasion of privacy, blackmail, and threats to our national security.  To respond to this ever-changing threat, national and local police agencies across the globe continue to explore ways to coordinate resources with each other and attack the problem. This document highlights the many promising practices of the Utah State Model in support of “Operation Wellspring” and related efforts involving law enforcement leaders, cyber investigators, fusion center staff, emergency management personnel, and other national subject matter experts, working in partnership with the Federal Bureau of Investigation and the Department of Homeland Security.  However, this document is more than a “case study.”  Indeed, this publication serves as a foundational national document, strategically targeted, for Governor’s, their staff, and others, to guide and inform their policies and practices.  Special thanks are given to the Utah Department of Public Safety, FBI, DHS, IACP, RAND, NW3C, NGA, NACSIO, ASCIA and others.

Click here to view the entire document.



Whisper is the largest online platform where people share real thoughts and feelings, forge relationships and engage in conversations on an endless variety of topics—without identities or profiles. Whisper content and stories reach hundreds of millions of people each month across platforms. Whisper is spearheading a movement that believes that happiness starts with being your real self. Whisper is backed by venture investors including Sequoia Capital, Lightspeed Venture Partners, Thrive Capital, Shasta Ventures, Trinity Capital, and CAA Ventures. (“Whisper Press” 2016).

For more information, please visit:


Protecting law enforcement from cyber threats

This document provides material designed to assist law enforcement in protecting themselves and their families from becoming cyber targets: protecting personal information, cyber dos and don’ts, and links to further cyber training and resources. Download and read the full article at–Steps-to-Protect-Personal-Information


Want to follow the LECC on RSS?

Just point your RSS reader to (for the blogs) and for our news feeds.


Internet of Things Infographic

This fun infographic shows many different kinds of electronic devices that may be found in a residential home. Click on the icons to reveal how the IoT devices generate and store data. Click here to begin exploring the digital home.


For the Prosecutor

This information provides resources to those who prosecute cyber crimes, and includes both links to statutes and case law explicitly focusing on cyber crimes, as well as links to other legal resources related to cyber crime prosecution, such as digital search warrants, and litigation guides. Click here to view more.


Cybercrime Community Awareness and Prevention

In an effort to support and advance police/community interaction addressing cyber crime and victimization, the National White Collar Crime Center, International Association of Chiefs of Police, and the Office of Community Oriented Policing Services, and the U.S. Department of Justice, have developed training modules that identify the most common types of Internet and computer-related scams, and instructional tools to help people avoid being victimized by these scams. Click here to view the latest training module.


  • Digital warfare – the new global arms race

    Seven years ago, a USB drive infected with the Stuxnet computer worm found its way into Iran's Natanz uranium enrichment plant. There, likely plugged into computers by unsuspecting engineers, the worm wreaked havoc, taking control of the uranium centrifuges and causing them to spin themselves to failure. The use of the worm, which w... Continue reading
  • Blockchain consortium seeks to tackle cyber crime

    The Titanium consortium aims to tackle the use of blockchain in crimes such as the recent WannaCry ransomware attack. A €5 million (£4.3m) project, funded by the European Union, has been launched in a bid to prevent criminals and hackers from using blockchain technology to avoid the prying eyes of law agencies. The three-year projec... Continue reading
  • Over 560 Million Passwords Discovered in Anonymous Online Database

  • Companies, governments brace for a second round of cyberattacks in WannaCry’s wake

    As the world readies to open for business on Monday, companies and governments are bracing for a second round of cyberattacks in the aftermath of Friday’s WannaCry hack.

    Indeed, security experts are already warning that a new version of WannaCry has emerged over the weekend that doesn’t have the kill switch ... Continue reading
More Updates