The documents include a list of best practices for securing accounts, devices and data, vulnerability management, governance and the supply chain, as well as a “user friendly” worksheet for owners and operators in critical infrastructure to map their cybersecurity practices to standards developed by the National Institute for Standards and Technology and plan new investments.