Public Sector Playbooks — Executive Start Here

Pick your situation

Use responsibly: adapt to your environment; avoid entering sensitive incident data into public tools/templates; validate with policy/counsel as appropriate.

In an incident right now? Start with the first-24-hours page and its linked templates.
Worried about ransomware? Start with readiness priorities and leadership decisions.
Need patch urgency + governance? Use the KEV-to-risk path.
AI policy pressure? Use the AI governance kit.

Ransomware Readiness Kit

Minimum-viable controls + a 30/60/90-day plan. Built for leadership alignment and fast execution.

Top 5 priorities: MFA, backups+restore tests, EDR, logging, admin segmentation
Leadership decisions: downtime authority, critical services, comms owner
Links to tabletop + comms templates

Open page Starter kit

DFIR: The First 24 Hours

A one-page checklist for the first day of an incident + a containment decision tree.

0–2 hours: log, comms, preserve, snapshot, scope
2–8 hours: containment with evidence preserved
Template links: incident log, timeline, evidence checklist, holding statement

Open page Starter kit

KEV-to-Risk Kit

Turn CISA KEV into an executive risk conversation and an IT remediation plan (7/14/30 SLAs).

Monthly cadence + out-of-band addendums for edge exposure
Exec deck outline + IT action sheet template
Built to shorten patch debates during active exploitation

Open page Starter kit

AI Governance Kit

Starter policy + cheat sheet + use case register aligned to NIST AI RMF.

Data rules for staff AI use
Human accountability and review expectations
Vendor/procurement guardrails

Open page Starter kit

Assessment and Readiness Workbooks

Use these when the goal is planning, gap assessment, audit readiness, or standards-aligned program conversations rather than immediate incident response.

Open hosted tools