June 22, 2026

Five Eyes Cyber Security Agencies Statement

As the leaders of the Five Eyes cyber security agencies, we are united in our call to action: the evolving landscape of artificial intelligence (AI) is rapidly transforming cyber risk, and we must act swiftly to remain ahead.

June 3, 2026

NSA Joins CISA and Partners to Release Guidance on Hardening Automatic Tank Gauge Systems

FORT MEADE, Md. (June 03, 2026) — Today, the National Security Agency (NSA) joins the Cybersecurity and Infrastructure Security Agency (CISA) and other U.S. government agencies to jointly release the fact sheet, "CISA and Partners Urge Hardening Automatic Tank Gauge Systems."  

Feb. 26, 2026

NSA Joins ASD’s ACSC and Others to Release a Cybersecurity Alert and Related Hunt Guide on Cisco SD-WAN Systems

FORT MEADE, Md. – The National Security Agency (NSA), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), and other agencies have issued the Cybersecurity Alert "Exploitation of Cisco SD-WAN Appliances," and a corresponding, "Cisco SD-WAN Threat Hunt Guide."
 

Dec. 11, 2025

NSA Releases Unified Extensible Firmware Interface Secure Boot Guidance

FORT MEADE, Md. – The National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI) “Guidance for Managing UEFI Secure Boot” to provide guidance on addressing Secure Boot configuration challenges.

Dec. 4, 2025

NSA Joins CISA to Release Guidance on Detecting BRICKSTORM Backdoor Activity

FORT MEADE, Md. — FORT MEADE, Md. – The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA) and the Canadian Centre for Cyber Security to detail the broad campaign of China state-sponsored cyber actors using the BRICKSTORM malware for long-term persistence on victim systems.

Sept. 3, 2025

NSA, CISA, and Others Release a Shared Vision of Software Bill of Materials (SBOM)

FORT MEADE, Md —

FORT MEADE, Md. - The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA) and others to release the Cybersecurity Information Sheet (CSI), “A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity,” to inform producers, choosers, and operators of software of the advantages of integrating SBOM generation, analysis, and sharing into existing security processes and practices.

Aug. 27, 2025

NSA and Others Provide Guidance to Counter China State-Sponsored Actors Targeting Critical Infrastructure Organizations

FORT MEADE, Md. – The National Security Agency (NSA) and other U.S. and foreign organizations are releasing a joint Cybersecurity Advisory to expose advanced persistent threat (APT) actors sponsored by the Chinese government targeting telecommunications, government, transportation, lodging, and military infrastructure networks globally and outline appropriate mitigation guidance.

Aug. 13, 2025

NSA Joins CISA and Others to Share OT Asset Inventory Guidance

FORT MEADE, Md. - The National Security Agency (NSA) is joining the Cybersecurity and Infrastructure Security Agency (CISA) and others to release the Cybersecurity Technical Report (CTR), “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators.”

June 30, 2025

NSA, CISA, FBI, and DC3 Warn Iranian Cyber Actors May Target Vulnerable U.S. Networks and Entities of Interest

FORT MEADE, Md. - The National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI), and the Department of Defense Cyber Crime Center (DC3) have released the joint Cybersecurity Information Sheet (CSI), “Iranian Cyber Actors May Target Vulnerable U.S. Networks and Entities of Interest.”

June 24, 2025

NSA and CISA Release CSI Highlighting Importance of Memory Safe Languages in Software Security

FORT MEADE, Md. - The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Information Sheet (CSI) to highlight the importance of adopting memory safe languages (MSLs) in improving software security and reducing the risk of security incidents.