CISA Releases Guidance on Protecting Organization-Run Social Media Accounts

Original release date: December 9, 2021

CISA has released Capacity Enhancement Guide (CEG): Social Media Account Protection, which details ways to protect the security of organization-run social media accounts. Malicious cyber actors that successfully compromise social media accounts—including accounts used by federal agencies—could spread false or sensitive information to a wide audience. The measures described in the CEG aim to reduce the risk of unauthorized access on platforms such as Twitter, Facebook, and Instagram. 

CISA encourages social media account administrators to implement the protection measures described in CEG: Social Media Account Protection:

  • Establish and maintain a social media policy
  • Implement credential management
  • Enforce multi-factor authentication (MFA)
  • Manage account privacy settings
  • Use trusted devices
  • Vet third-party vendors
  • Maintain situational awareness of cybersecurity threats
  • Establish an incident response plan

Note: although CISA created the CEG primarily for federal agencies, the guidance is applicable to all organizations.

This product is provided subject to this Notification and this Privacy & Use policy.