Critical Infrastructure Protection and Security Assessment Checklist

This comprehensive critical infrastructure protection and security assessment checklist ensures regulatory compliance with DHS CISA, NIST, EPA, NERC CIP, FBI InfraGard. Annual security assessment for critical infrastructure facilities (water, power, communications) in emergency management context covering physical security, cybersecurity integration, threat assessment, and continuity planning per DHS Critical Infrastructure Security and Resilience framework, NIST SP 800-82, and CISA guidelines..

• Industry: Emergency Services
• Frequency: Per Shift / Daily
• Estimated Time: 60 minutes
• Role: Station Captain / Shift Commander / EMS Lead
• Total Items: 19
• Compliance: DHS CISA, NIST, EPA, NERC CIP, FBI InfraGard

Physical Security Controls

Assess physical security per CISA guidelines.

• Is perimeter fencing, barriers, or walls adequate to delay unauthorized access to critical assets?
• Is electronic access control with logging operational on all critical facility entry points?
• Is CCTV coverage providing complete visual coverage of critical equipment with recording and alert capability?
• Is security lighting covering all entry points and critical asset areas with automatic activation?
• Have background checks been conducted on all personnel with unescorted access to critical assets?
• Is suspicious activity reporting process in place with law enforcement and CISA notification protocols?

Operational Technology Cybersecurity

Verify OT/ICS security per NIST SP 800-82.

• Is operational technology (SCADA, ICS, PLC) network segmented from corporate IT network?
• Is remote access to OT systems secured with MFA and jump server per CISA guidance?
• Is OT system patch management process in place accounting for vendor-approved updates and testing?
• Is network traffic monitoring in place detecting anomalous OT communications?
• Is third-party vendor access to OT systems controlled, monitored, and time-limited?

Threat Assessment and Information Sharing

Verify threat awareness per DHS CISA programs.

• Is organization participating in relevant ISAC (Information Sharing and Analysis Center) for the sector?
• Is facility subscribed to CISA alerts and local fusion center threat bulletins?
• Has threat/hazard assessment been completed identifying most credible threats to the facility?
• Is liaison relationship established with local law enforcement and FBI field office?

Resilience and Continuity Planning

Verify continuity per CISA resilience framework.

• Are critical systems (power, communications, controls) backed up with redundant capacity?
• Is Continuity of Operations Plan (COOP) current and tested within past 12 months?
• Are mutual aid agreements in place with peer facilities for emergency support?
• Is prioritized restoration plan documented with RTO for each critical system component?

Related Emergency Services Checklists

• Law Enforcement Use of Force Policy Compliance Review Checklist
• Fire Investigation Scene Safety and Documentation Checklist
• Public Access Defibrillator (AED) Program Management Checklist
• Ambulance Daily Vehicle Check

Why Use This Critical Infrastructure Protection and Security Assessment Checklist?

This critical infrastructure protection and security assessment checklist helps emergency services teams maintain compliance and operational excellence. Designed for station captain / shift commander / ems lead professionals, this checklist covers 19 critical inspection points across 4 sections. Recommended frequency: per shift / daily.

Ensures compliance with DHS CISA, NIST, EPA, NERC CIP, FBI InfraGard. Regulatory-aligned for audit readiness and inspection documentation.

Frequently Asked Questions

Browse More Checklists

• All Critical Infrastructure Checklists
• Emergency Services Checklists
• Browse 7,000+ Free Checklist Templates
• Operations Blog
• Book a Demo