资讯：CISA与合作伙伴发布应对网络威胁的指南

CISA and partners release guide for civil society organisations to address cyber threats
CISA 与合作伙伴为民间社会组织发布应对网络威胁的指南

The US Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and several international partners from the UK, Estonia, Canada, Japan, and Finland, released a guide on Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society.
美国网络安全和基础设施安全局 (CISA) 与国土安全部 (DHS)、联邦调查局 (FBI) 以及来自英国、爱沙尼亚、加拿大、日本和芬兰的几个国际合作伙伴合作，发布了一份 《利用有限资源缓解网络威胁：民间社会指南》。

This publication provides civil society organizations (CSOs) and individuals with recommended actions and mitigations to reduce the risk of cyber intrusions. Additionally, the guide encourages software manufacturers to implement security-by-design practices that are necessary to help protect vulnerable and high-risk communities.
本出版物为民间社会组织 (CSO) 和个人提供建议的行动和缓解措施，以降低网络入侵的风险。此外，该指南鼓励软件制造商实施必要的设计安全实践，以帮助保护脆弱和高风险社区。

‘These high-risk community organizations often lack cyber threat information and security resources. With our federal and international partners, we are providing this resource to help these organizations better understand the cyber threats they face and help them improve their cyber safety’, added Jen Easterly, Director of CISA.
“这些高风险社区组织往往缺乏网络威胁信息和安全资源。我们与我们的联邦和国际合作伙伴一起提供这一资源，以帮助这些组织更好地了解他们面临的网络威胁，并帮助他们提高网络安全”，CISA 总监 Jen Easterly 补充道。

According to the guide, civil society, comprised of organizations and individuals—such as nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalists, dissidents, and diaspora organizations, communities involved in defending human rights and advancing democracy—are considered high-risk communities. Authors note that often, these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests. Recommendations include regular software updates, adopting multi-factor authentication (MFA), and implementing the principle of least privilege to reduce vulnerabilities and others.
根据该指南，公民社会由组织和个人组成，例如非营利组织、倡导组织、文化组织、信仰组织、学术组织、智囊团、记者、持不同政见者和侨民组织、参与捍卫人权和推进民主的社区，被视为高风险社区。作者指出，这些组织及其员工常常成为国家支持的威胁行为者的目标，这些威胁行为者试图破坏民主价值观和利益。建议包括定期软件更新、采用多重身份验证 (MFA) 以及实施最小权限原则以减少漏洞等。

CISA and partners also encourage software manufacturers to review and implement mitigations and practices to protect CSOs. In particular, the guide says software manufacturers should implement vulnerability management to eliminate entire classes of vulnerability in their products, enable MFA by default in all products, provide logging at no additional charge to the customer, and alert customers of suspicious behaviour on their networks; and include details of a secure by design concept in corporate financial reports.
CISA 和合作伙伴还鼓励软件制造商审查并实施缓解措施和实践，以保护 CSO。该指南特别指出，软件制造商应实施漏洞管理，以消除其产品中的所有类别的漏洞，在所有产品中默认启用 MFA，向客户免费提供日志记录，并提醒客户网络上的可疑行为；并在公司财务报告中包含安全设计概念的详细信息。