Overview and Mission
The Multi-State Information Sharing and Analysis Center (MS-ISAC), a division of the Center for Internet Security, is the focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local territory and tribal (SLTT) governments.
The mission of the MS-ISAC is to improve the overall cyber security posture of state, local, territory and tribal governments. Collaboration and information sharing among members, the U.S. Department of Homeland Security (DHS) and private sector partners are the keys to success.
The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure and two-way sharing of information between and among public and private sectors in order to identify, protect, detect, respond and recover from attacks on public and private critical Infrastructure (CI). The MS-ISAC’s 24-hour watch and warning center provides real-time network monitoring, dissemination of early cyber threat warnings, vulnerability identification and mitigation, along with education and outreach aimed at reducing risk to the nation’s SLTT government cyber domain.
The MS-ISAC comprises representatives from SLTTs. The MS-ISAC has built and nurtured a trusted environment between and among our nation’s SLTTs by providing valuable information and lessons learned on cyber threats/exploits, vulnerabilities, mitigation, consequences, and incidents, and direct assistance with responding to and recovering from cyber attacks and compromises.
The MS-ISAC works closely with DHS and is recognized as the national ISAC for SLTTs to coordinate cyber readiness and response.
The MS-ISAC also works closely with other organizations, such as the National Council of ISACs, the National Governors’ Association, the National Association of State Chief Information Officers, and fusion centers, as well as other public and private sector entities to build trusted relationships to further enhance our collective cyber security posture.
Principles of Conduct
The MS-ISAC is operationally focused and actions will be achieved through:
As part of the membership in the MS-ISAC, in order to achieve a higher state of readiness and resilience to help protect our CI, each MS-ISAC Member understands that the following principles of conduct will guide their actions:
- Agree to the above-stated common Mission;
- Agree to the MS-ISAC’s philosophy of collaboration and cooperation and will work collaboratively with all entities within their organization to further promote the collective mission of the MS-ISAC;
- Agree to share appropriate information between and among the Members to the greatest extent possible;
- Agree to collaborate and share across each of the critical sectors to reduce traditional stovepipes and other barriers in order to foster our collective mission;
- Agree to recognize the sensitivity and confidentiality of the information shared and received;
- Agree to protect all sensitive and confidential information received from other Members by taking all necessary steps at least as great as the precautions each Member takes to protect its own confidential information;
- Agree to transmit sensitive data to other Members only through the use of agreed-upon secure methods.
- Agree to take all appropriate steps to help protect our CI.
There shall be one category of MS-ISAC membership.
An organization shall be eligible for MS-ISAC membership provided the organization meets the following requirements:
- It is one of the SLTTs. Membership can include individuals from both the cyber and physical security departments.
- Executes the MS-ISAC Membership Agreement.
- Member: refers to any individual from SLTTs, who belongs to the MS-ISAC.
- Primary Member: the designated individual point of contact (POC) from SLTT and the voting representative for their SLTT.
- Chair is appointed by the president of the Center for Internet Security, Inc.
- Chair: directs the day-to-day functions of the MS-ISAC and coordinates activities and funding with the Federal Government.
- MS-ISAC Executive Committee Member: refers to a Member who is elected by the membership to assist in governance for the MS-ISAC.
- Formal vote: refers to an official vote for which it is announced in advance that votes will be counted. This may occur during the course of a meeting or via email balloting.
- Each SLTT may appoint (2) two Primary Members to officially represent them on the MS-ISAC. One of these members must be the Chief Information Security Officer or person identified as being responsible for cyber security duties for the SLTT.
- A SLTT may designate as many individuals as it would like to participate as Members in the MS-ISAC, and attend meetings and functions as appropriate.
- A roster of Members will be maintained by the Chair and each Primary Member will keep the information pertaining to their state/local/territory/tribe updated in a secure manner on the MS-ISAC portal.
- Meetings, except for the Annual Meeting, will be held on the last Tuesday of each month at 3:00pm Eastern, via teleconference and webcast.
- MS-ISAC meetings are open to all Members.
- MS-ISAC Members may recommend to the Chair other invited guests to attend MS-ISAC meetings.
- Meetings may provide opportunities for Members to make recommendations. Voting on such recommendations will be by a simple majority of the individuals participating in the vote.
- Archives of the monthly meetings will be made available via the MS-ISAC portal.
- The MS-ISAC Chair or designee will determine when meeting minutes and other MS-ISAC-developed documents may be released beyond the MS-ISAC membership.
MS-ISAC Executive Committee
There shall be a seventeen (17) member Executive Committee for the MS-ISAC. One of the Committee members is the Chair of the MS-ISAC, two (2) members will be from tribal governments, two (2) members will be from fusion centers, four (4) from local government two (2) of which will be from County governments, and the remaining eight (8) committee members will be from different states/territories.
- The term of Executive Committee members is three (3) years, except for the Chair.
- Executive Committee members will be voted upon according to the following:
- MS-ISAC state and territory Primary members only will vote for state and territory Executive Committee positions.
- MS-ISAC local Primary members only will vote for local government Executive Committee positions.
- MS-ISAC Tribal government Primary members only will vote for tribal government Executive Committee position.
- MS-ISAC Fusion Center Primary members only will vote for Fusion Center Executive Committee positions.
Those members with the most votes will be selected for the Executive Committee. In the case of a tie, the Chair will make the selection. If a committee member leaves before the end of a term, their seat will be appointed by the Chair.
- The Executive Committee will vote on matters brought to its attention coming from work groups or the members at large. Each Committee member will have one vote on matters presented by the Chair for vote by the Executive Committee, with a tie vote being broken by the Chair. A simple majority will be sufficient to carry the vote.
- The Executive Committee will meet monthly by phone/webcast or in person. Only Executive Committee members, assigned MS-ISAC staff and invited quests are allowed to attend Executive Committee meetings. Attendance at Executive Committee meetings cannot be delegated to another individual.
- Executive Committee members are expected to be ambassadors for the MS-ISAC by promoting and supporting its mission, by participating in reporting and other activities of the MS-ISAC, and by encouraging other Members to participate in the activities of the organization.
- The Executive Committee will help to develop and approve the goals of all workgroups.
- The Executive Committee will be responsible for advising the chair on strategic direction of the MS-ISAC.
The MS-ISAC may appoint workgroups or subcommittees to deal with specific matters. At least one of the co-chairs of the workgroup will be an Executive Committee Member. Other co-chairs will be MS-ISAC Members and may include subject matter experts from entities that are not Members of the MS-ISAC.
Any changes made to this charter will be done by a majority vote of the primary members voting.
- Original Charter Adopted October 2004
- Updated version adopted September 2009
- Updated version adopted March, 2013
- Updated version adopted May 06, 2014
- Updated version adopted December 27, 2015