NSA Cybersecurity Advisories & Guidance


NSA leverages its elite technical capability to develop advisories and mitigations on evolving cybersecurity threats.

Browse or search our repository of advisories, info sheets, tech reports, and operational risk notices listed below. Some resources have access requirements.

For a subset of cybersecurity products focused on telework and general network security for end users, view our Telework and Mobile Security Guidance page.

To read our complete series on protecting DoD microelectronics from adversary influence, view our DoD Microelectronics Guidance page.
 

ImageTitlePublication Date
Operational Technology Assurance Partnership: Smart Controller Security within National Security SystemsOperational Technology Assurance Partnership: Smart Controller Security within National Security Systems4/23/2025
CSA: BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actorsCSA: BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors4/9/2025
CSA: BADBAZAAR and MOONSHINE: Technical analysis and mitigationsCSA: BADBAZAAR and MOONSHINE: Technical analysis and mitigations4/9/2025
CSA: Fast Flux: A National Security ThreatCSA: Fast Flux: A National Security Threat4/3/2025
Info Sheet: Selecting a Protective DNS Service (March 2025 Update)Info Sheet: Selecting a Protective DNS Service (March 2025 Update)3/24/2025
CSI: Security Considerations for Edge DevicesCSI: Security Considerations for Edge Devices2/4/2025
CSI: Security Considerations for Edge Devices: Executive GuidanceCSI: Security Considerations for Edge Devices: Executive Guidance2/3/2025
CSI: Security Considerations for Edge Devices: Practitioner GuidanceCSI: Security Considerations for Edge Devices: Practitioner Guidance2/3/2025
CSI: Content Credentials: Strengthening Multimedia Integrity in the Generative AI EraCSI: Content Credentials: Strengthening Multimedia Integrity in the Generative AI Era1/29/2025
CSI: Closing the Software Understanding GapCSI: Closing the Software Understanding Gap1/16/2025
CSI: Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital ProductsCSI: Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products1/13/2025
CTR: DoD Microelectronics: Field Programmable Gate Array Security GuidanceCTR: DoD Microelectronics: Field Programmable Gate Array Security Guidance1/6/2025
CSI: Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) FAQ (December 2024 Update)CSI: Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) FAQ (December 2024 Update)12/31/2024
CSA: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (December 2024 update)CSA: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (December 2024 update)12/18/2024
Cybersecurity Information Sheet (CSI): Enhanced Visibility and Hardening Guidance for Communications InfrastructureCybersecurity Information Sheet (CSI): Enhanced Visibility and Hardening Guidance for Communications Infrastructure12/3/2024
Page 1 of 16

Additional Documents

Some guidance is protected and requires use of a DoD Common Access Card (CAC) to access. Visit https://cyber.mil/nsa/cybersecurity-advisories-and-technical-guidance/ to access the following and other protected documents:

  • Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique (FOUO version)
  • Protecting VSAT Communications
  • Quantum Security of Symmetric Cryptography and Hash Functions: A Review
  • Securing AWS S3
  • Security Considerations for Office 365 Government Customers