CISA CTEP Platform

The Only Platform Built for
CISA CTEP Exercises

CISA's Cyber Tabletop Exercise Program (CTEP) is the gold standard for cyber incident preparedness across all 16 critical infrastructure sectors. Skyhigh is purpose-built to deliver every CTEP exercise phase — scenario selection, AI facilitator briefing, live session delivery, real-time gap capture, and compliant AAR/IP export.

Start Your CTEP Exercise → Download Buyer's Guide
📌 CPG 4.D Requirement: CISA's Cybersecurity Performance Goals explicitly cite tabletop exercises (CPG 4.D) as a baseline requirement for all critical infrastructure operators. CISA CTEP is the recommended methodology. Completing a Skyhigh exercise satisfies CPG 4.D and generates the documented evidence required for CISA reporting and board-level assurance.
65+
CTEP-Aligned Scenarios
16
Critical Infrastructure Sectors
8
CTEP Exercise Phases Automated
100%
AAR / IP Compliant Output

CISA CTEP — The Gold Standard for Critical Infrastructure Exercises

Understanding CTEP requirements helps you build an exercise program that satisfies CISA, board stakeholders, and regulators — and Skyhigh automates the entire process.

🏛️
What Is CISA CTEP?
The Cybersecurity and Infrastructure Security Agency's Cyber Tabletop Exercise Program (CTEP) provides standardized guidance for planning, conducting, and evaluating cyber incident tabletop exercises. Referenced in CPG 4.D as a required exercise methodology, CTEP applies to all 16 critical infrastructure sectors and all organization sizes — from small operators to Fortune 500 enterprises.
📋
CTEP Exercise Requirements
A compliant CTEP exercise must include: (1) a structured scenario aligned to realistic sector threats, (2) defined participant roles reflecting actual response responsibilities, (3) a skilled facilitator who can probe assumptions and drive discussion, (4) real-time documentation of gaps and findings, and (5) a formal After Action Report (AAR) with an Improvement Plan (IP) tracking corrective actions to closure.
Skyhigh as Your CTEP Platform
Skyhigh was designed from the ground up around the CTEP framework. Every feature maps to a CTEP exercise phase — AI scenario selection, automated facilitator briefing, live session delivery with probing questions, real-time gap capture, AI-written AAR, and program scheduling. It is the only platform offering built-in CTEP facilitator certification (Level 1 & Level 2).

CTEP Phase Mapping — Skyhigh Feature Coverage

Every CISA CTEP exercise phase is automated end-to-end. From design to improvement plan — no manual effort required.

CTEP Phase Requirement Skyhigh Feature Output / Evidence
Phase 1 Exercise Design Scenario selection aligned to sector threats and org maturity Core 65-scenario library + AI Scenario Generator Scenario brief, inject sequence, participant role assignments
Phase 2 Facilitator Preparation Pre-exercise facilitator briefing, objectives, and role assignments Core AI Facilitator Briefing — auto-tailored per scenario Printed facilitator brief PDF with objectives and timing guide
Phase 3 Exercise Delivery Structured inject presentation with step-by-step pacing Core Live Session Mode — real-time step delivery with host controls Session log with timestamps, step completion record, participant join log
Phase 4 Facilitation & Coaching Probing questions, assumption challenges, discussion facilitation Direct AI Exercise Coach — real-time coaching tips + probing questions Coaching session log; probing questions used during exercise
Phase 5 Dynamic Complications Mid-exercise inject injection for realism and stress testing Direct Adaptive Dynamic Injects — AI-generated on-the-fly complications Inject delivery log; participant response record; AAR inject section
Phase 6 Gap Documentation Real-time capture of identified capability gaps and weaknesses Core Gap Tracking Panel — framework-tagged gap register Gap register export mapped to 11 regulatory frameworks
Phase 7 After Action Report CTEP-compliant AAR with findings, recommendations, and corrective actions Core AI AAR Summary + structured multi-page PDF export AAR/IP document — ready for CISA submission and board review
Phase 8 Improvement Planning Tracked corrective actions with re-exercise scheduling Direct Exercise Program Manager — cadence scheduling + email reminders Program run history; scheduled exercises; corrective action closure log

Purpose-Built CTEP Features

Three capabilities that set Skyhigh apart as the definitive CISA CTEP platform — not a generic tabletop tool retrofitted for compliance.

📋
CTEP-Compliant AAR / IP Export
Every Skyhigh exercise generates an AI-written After Action Report aligned to the CISA CTEP AAR/IP format — exercise summary, participant list, gap findings by framework, prioritized recommendations, and corrective action assignments with owners and due dates. Export as a multi-page PDF ready for CISA submission, leadership review, and regulatory evidence packages.
CTEP AAR Format AI-Generated PDF Export Gap Register
🎓
Built-In CTEP Facilitator Certification
Skyhigh is the only platform with native CTEP Level 1 and Level 2 facilitator certification. Complete the platform's server-graded certification quiz, earn your CTEP-L1 or CTEP-L2 credential with a dated certificate PDF, and build a certified facilitation team across your organization — a capability CISA CPG 4.D recommends for all sectors and critical infrastructure operators.
CTEP-L1 Cert CTEP-L2 Cert Server-Graded PDF Certificate
🏛️
All 16 Critical Infrastructure Sectors
CTEP exercises must address sector-specific threats. Skyhigh's 65+ scenario library spans all 16 CISA-designated critical infrastructure sectors — Energy, Water, Healthcare, Financial Services, Transportation, Communications, Government Facilities, Manufacturing, Defense Industrial Base, Food & Agriculture, and more — each with sector-appropriate threat actors, injects, and regulatory framework mappings.
Energy Healthcare Water Financial Transportation +11 More

CTEP Scenarios — Cross-Sector Coverage

Six sectors. Six CTEP exercises. Each generates a complete AAR/IP in a single session.

ENERGY · CTEP TTX
Power Grid Ransomware — SCADA & EMS Impact
Bulk electric system operator faces ransomware encrypting EMS/SCADA systems during peak demand. CTEP Objectives: OT/IT isolation, E-ISAC notification, mutual aid activation, NERC CIP-009 incident reporting. Tests cross-functional coordination between IT, OT, and executive leadership.
Energy Sector NERC CIP CPG 4.D
HEALTHCARE · CTEP TTX
Hospital Ransomware — EHR & Medical Device Crisis
Regional hospital system faces ransomware affecting EHR and networked medical devices. CTEP Objectives: Patient safety diversion protocols, PHI breach notification under HIPAA, HHS HC3 threat sharing, continuity of care during IT outage. Tests clinical and administrative coordination.
Healthcare Sector HIPAA HHS HC3
WATER · CTEP TTX
Water Treatment SCADA Compromise — Public Safety
Water treatment facility's SCADA compromised by nation-state actor. CTEP Objectives: Chemical dosing safeguards, manual operations fallback, WaterISAC and EPA notification, public health authority coordination, CISA 72-hour reporting. Tests operational continuity under OT attack.
Water Sector EPA Reporting CISA CTEP
FINANCIAL SERVICES · CTEP TTX
Core Banking System Disruption — Cyber Incident
Regional bank's core banking platform unavailable due to a cyberattack during business hours. CTEP Objectives: Business continuity activation, customer communications, FS-ISAC notification, federal regulatory reporting. Tests cross-functional decision-making under time pressure and public scrutiny.
Financial Sector FS-ISAC DORA
TRANSPORTATION · CTEP TTX
Regional Airport Cyber Disruption — Operations Impact
Airport IT network experiences cyberattack affecting flight operations systems and TSA coordination infrastructure. CTEP Objectives: Safety protocols, TSA Security Directive notification, passenger communication, FAA coordination, continuity of critical operations under media pressure.
Transportation Sector TSA Directives FAA
GOVERNMENT / FEDERAL · CTEP TTX
Federal Agency Network Breach — APT Detected
Federal agency detects advanced persistent threat in administrative systems with suspected lateral movement toward sensitive data. CTEP Objectives: CISA notification within 72 hours, containment without disrupting mission, inter-agency coordination, public affairs response, congressional notification.
Government Sector CISA CPG FISMA

CTEP Evidence Artifacts Generated

Every exercise produces a complete documentation package — ready for CISA, board leadership, and regulatory review.

📄
CTEP After Action Report
AI-generated AAR aligned to CISA CTEP format: summary, gaps, recommendations, and corrective action assignments — CISA-submission ready
📈
Improvement Plan (IP)
Tracked corrective actions with assigned owners, due dates, and re-exercise scheduling in the Exercise Program Manager
🎓
CTEP Facilitator Certificate
Platform-issued CTEP Level 1 or Level 2 facilitator credential — digital certificate + printable PDF, recommended by CISA CPG 4.D
📅
Exercise Program Schedule
Documented exercise cadence showing CTEP compliance across quarters — scenario rotation, participant assignments, run history

Explore the Full Regulatory Toolkit Library

Skyhigh exercise evidence maps to multiple frameworks simultaneously. One exercise program — complete regulatory coverage.

🏛️ CISA CTEP 🔴 CISA CPG ⚡ NERC CIP 🇪🇺 NIS2 Directive 🇺🇸 NIST CSF 2.0 ⚙️ IEC 62443 🏭 NIST SP 800-82 🏦 DORA ✈️ TSA Directives 🏥 HIPAA / HC3 🛡️ CMMC 2.0 🌐 ISO 27001

Start Your CISA CTEP Exercise Program Today

CPG 4.D requires documented tabletop exercises. Run your first CTEP-compliant exercise in under an hour — free.

Start Free Today → View Pricing Contact Sales