Best Practices Collection

Information promoted by the department as being correct or most effective.

  • Privacy Incident Handling Guidance

    The "PIHG" establishes DHS policy for responding to privacy incidents by providing procedures to follow upon the detection or discovery of a suspected or confirmed incident involving PII. 

    This is DHS's breach response plan.

    Revised and updated in December 2017

  • National Cybersecurity Awareness Month Resources

    October is National Cybersecurity Awareness Month (NCSAM), a time to focus on how cybersecurity is a shared responsibility that affects all Americans. NCSAM is a collaborative effort between the U.S. Department of Homeland Security (DHS) and its public and private partners, including the National Cyber Security Alliance, to raise awareness about the importance of cybersecurity and individual cyber hygiene.

  • Digital Volunteer Program Guide Fact Sheet

    To support agencies that are looking to launch and maximize the benefits of a digital volunteer program, S&T developed a Digital Volunteer Program Guide.

  • TSA Information Assurance (IA) Handbook

    This handbook implements the policies and requirements of the Transportation Security Administration (TSA) Management Directive (MD) 1400.3, Information Technology Security by establishing guidance applicable to the use, development, and maintenance of TSA Information Technology (IT) assets, networks, and systems.

  • 2018 Charlottesville Regional Tabletop Exercise for Institutions of Higher Education (RTTX) Situation Manual

    The 2018 Charlottesville RTTX was held on June 11, 2018 at UVA in Charlottesville, VA. The one-day event focused on soft target attacks.

  • 2018 North Dakota Leadership Tabletop Exercise (LTTX) Cybersecurity Overview and Resource Guide

    This Leadership Tabletop Exercise Cybersecurity Overview and Resource Guide provides members of the academic community with a summary of the format and structure of the pilot LTTX event, hosted by the North Dakota University System, as a model for initiating critical conversations with campus leadership on their roles in preparedness for, response to, and recovery from campus emergencies.

  • 2018 Philadelphia Regional Tabletop Exercise Situation Manual

    The 2018 Philadelphia RTTX event focused on threats and hazards related to a hazardous material (HAZMAT) incident near campus.

  • DHS Civil Rights Evaluation Tool

    Entities selected to receive a grant, cooperative agreement, or other award of Federal financial assistance from the U.S. Department of Homeland Security (DHS) or one of its Components must complete the DHS Civil Rights Evaluation Tool and submit required data within thirty (30) days of receipt of the Notice of Award or, for State Administering Agencies, thirty (30) days from receipt of this form from DHS or its awarding component.

  • Privacy Compliance Review of the USCIS Customer Profile Management Service and National Appointment Scheduling System

    USCIS oversees lawful immigration to the United States. As part of this mission, USCIS receives and adjudicates requests for immigration and citizenship benefits. The administration of these benefits requires the collection of biographic and biometric information from benefits requestors.  USCIS uses multiple systems to administer immigration benefits, including the Customer Profile Management Service (CPMS) and National Appointment Scheduling System (NASS). Due to the heightened privacy risks associated with the collection of biometrics information, PIAs for CPMS and NASS in 2015 required the DHS Privacy Office to conduct a PCR.  During the course of this PCR, the DHS Privacy Office found USCIS to be in compliance with privacy requirements of federal privacy laws, DHS and Component privacy regulations and policies, and explicit assurances made by USCIS in existing privacy compliance documentation.  We identified six recommendations designed to improve USCIS privacy compliance, and to incorporate best practices for other USCIS and DHS programs and systems.

  • Web Accessibility Favelets (WAF)

    Favelets are a set of bookmarks with JavaScript test functions activated from your web browser. They are also called bookmarklets. The respective zip file includes bookmarks with favelets built in, along with descriptions of their source and use in the included README.txt.