
OA-Information Technology’s award-winning cybersecurity program provides a variety of resources and services to state agencies and employees.

Current commonwealth employees may log on here to access additional content.


State Agencies and Employees


  • Antivirus Software – Home Use: Employees have access to free antivirus software for home use. The home use option is designed to minimize the possibility of contamination of commonwealth workstations when transferring information between home and work computers.
  • Security Awareness Training: All employees are required to complete mandatory online security awareness training on cybersecurity best practices, the commonwealth’s acceptable use policy and how to report security incidents. Web-based training is available to employees in LSO at www.myworkplace.state.pa.us > My Training.


For more information about the following services, please contact RA-CISO@pa.gov or refer to the OA-Information Technology Service Catalog.

Architectural Reviews

  • Examination of the systems and related risks and threats from within and outside the organization.
  • Review of the business areas supported by the infrastructure to better understand the asset risk and required controls.
  • Technical review of the application or network architecture to ensure it is secured and does not pose risk to the agency or the enterprise. 
  • Review of the network component functions to ensure suitability.
  • Development of detailed recommendations, risk mitigation plans, and documentation to assist agencies with securing their application or infrastructure.

Computer Forensic Investigations

  • Provide systematic inspection of commonwealth systems and their contents for evidence or supportive evidence of cybercrime or other computer use that is being investigated.
  • Collect and analyze evidence in a fashion that adheres to standards of evidence that are admissible in a court of law.
  • Identify the cause of an incident.
  • Contain compromised services.
  • Identify policy violations.
  • Recommend appropriate remediation of discovered vulnerabilities.
  • Perform scanning and evaluation after remediation of the device.

Gap Analysis

  • Policy, procedure, and standards review.
  • Physical and environmental security review.
  • Communications and operations management review.
  • Access control review.
  • Information systems acquisition, development and maintenance.
  • Information security incident management review.
  • Business continuity management review.
  • Compliance review.

Penetration Testing

  • Includes network assessment, war dialing tests and internal and external vulnerability scanning.
  • Map network and inventory systems to document vulnerabilities.
  • Provide recommendations for remediation.

Security Assessments

  • Conduct interviews, inspections, assessments and policy reviews.
  • Identify, quantify, and prioritize vulnerabilities in a system and infrastructure.
  • Assure compliance with key security, physical, device, network, human, and policy controls.
  • Detail discovered risks and provide risk mitigation options for remediation in a written report.
  • Offer review and guidance on policy and procedure development.
  • Perform annual extensive audits and quarterly full audits.
  • Offer payment card industry (PCI) compliance reports.

Vulnerability Management

  • Examination of application or network to determine adequacy of security measures with vulnerability scans and testing.
  • Deploy and maintain anti-virus software.
  • Isolate and remotely remediate infected systems.
  • Evaluate the security of a system or network through penetration testing.
  • Provide customized reports outlining options for remediation.