The newest agency on this map, created in 2018 from a DHS directorate. It issues binding security directives to federal civilian agencies, publishes the known-exploited-vulnerabilities catalog that industry patches against, and works with the private owners of most U.S. critical infrastructure.
Open the interactive page for CISA →Created byCybersecurity and Infrastructure Security Agency Act of 2018, Pub. L. 115-278 (Nov. 16, 2018), redesignating DHS's National Protection and Programs Directorate as CISA
Head appointed6 U.S.C. § 113(a)(1)(H): Director of the Cybersecurity and Infrastructure Security Agency appointed by the President, by and with the advice and consent of the Senate; statutory expertise qualifications in 6 U.S.C. § 652(b)(2); no fixed term (PAS)
Removal standardno statutory protection — at will
Funded underannual DHS Appropriations Act
Congressional oversightHouse Committee on Homeland Security (Subcommittee on Cybersecurity and Infrastructure Protection) · Senate Committee on Homeland Security and Governmental Affairs (Director nominations referred there)
Inspector generalDHS OIG (PAS IG under the IG Act, 5 U.S.C. §§ 401–424)
Judicial reviewAPA suits in district court; voluntarily submitted critical-infrastructure information exempt from FOIA as Protected Critical Infrastructure Information (6 U.S.C. § 673); CIRCIA cyber-incident reports shielded from disclosure and from use in enforcement (6 U.S.C. § 681e)
Vote for President and Senate; comment on cyber incident-reporting rules; your state and local election officials decide whether to use CISA's election-security services.
DHS · CBP · ICE · TSA · USCIS · FEMA · USSS · USCG · full org map