To search multiple types of US government reports at once, including policy and strategy documents, legislation, statistics and more:
Please Ask a Librarian. We are here to make your search process easier!
"The Congressional Research Service (CRS) ... approaches complex topics from a variety of perspectives and examines all sides of an issue. Staff members analyze current policies and present the impact of proposed policy alternatives."
Search for CRS Reports on cybersecurity:
Examples of CRS Reports on cybersecurity:
The Federal Trade Commission (FTC) has roles in enforcement, policy, and guidance as to data privacy and security. The FTC's website contains materials designed to educate consumers and small businesses about cybersecurity basics. The FTC's website also contains cases, press releases, public statements, reports, advocacy filings, and testimony.
Browse FTC materials:
The Department of Homeland Security (DHS) oversees these agencies' and offices' work on cybersecurity:
Cybersecurity and Infrastructure Security Agency (CISA)
Cyber Safety Review Board (CSRB)
Transportation Security Agency (TSA)
United States Coast Guard (USCG)
United States Secret Service (USSS)
Immigration and Customs Enforcement - Homeland Security Investigations (ICE HSI)
Office of the Chief Information Officer (OCIO)
Office of Policy
Search for cybersecurity updates from DHS agencies:
"GAO provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars."
Browse GAO by topic:
Search for GAO Reports on cybersecurity:
The Department of Justice's (DOJ's) Criminal Division contains a Computer Crime and Intellectual Property Section (CCIPS). Within CCIPS, there is a Cybersecurity Unit, which serves "as a central hub for expert advice and legal guidance regarding how the criminal electronic surveillance and computer fraud and abuse statutes impact cybersecurity."
Browse DOJ Cybersecurity Unit white papers and other documents:
Securities and Exchange Commission (SEC) Reporting
"Companies should consider the materiality of cybersecurity risks and incidents when preparing the disclosure that is required in registration statements under the Securities Act of 1933 (“Securities Act”) and the Securities Exchange Act of 1934 (“Exchange Act”), and periodic and current reports under the Exchange Act.
"When a company is required to file a disclosure document with the Commission, the requisite form generally refers to the disclosure requirements of Regulation S-K16 and Regulation S-X.
"Although these disclosure requirements do not specifically refer to cybersecurity risks and incidents, a number of the requirements impose an obligation to disclose such risks and incidents depending on a company’s particular circumstances." - https://www.sec.gov/rules/interp/2018/33-10459.pdf
Search for company reports with the SEC: