Overview and Mission
The Multi-State Information Sharing and Analysis Center (MS-ISAC), a division of the Center for Internet Security, is the focal point for cyber threat prevention, protection, response and recovery for the nation’s state, local territory and tribal (SLTT) governments.
The mission of the MS-ISAC is to improve the overall cyber security posture of state, local, territory and tribal governments. Collaboration and information sharing among members, the U.S. Department of Homeland Security (DHS) and private sector partners are the keys to success.
The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure and two-way sharing of information between and among public and private sectors in order to identify, protect, detect, respond and recover from attacks on public and private critical Infrastructure (CI). The MS-ISAC’s 24-hour watch and warning center provides real-time network monitoring, dissemination of early cyber threat warnings, vulnerability identification and mitigation, along with education and outreach aimed at reducing risk to the nation’s SLTT government cyber domain.
The MS-ISAC comprises representatives from SLTTs. The MS-ISAC has built and nurtured a trusted environment between and among our nation’s SLTTs by providing valuable information and lessons learned on cyber threats/exploits, vulnerabilities, mitigation, consequences, and incidents, and direct assistance with responding to and recovering from cyber attacks and compromises.
The MS-ISAC works closely with DHS and is recognized as the national ISAC for SLTTs to coordinate cyber readiness and response.
The MS-ISAC also works closely with other organizations, such as the National Council of ISACs, the National Governors’ Association, the National Association of State Chief Information Officers, and fusion centers, as well as other public and private sector entities to build trusted relationships to further enhance our collective cyber security posture.
Principles of Conduct
The MS-ISAC is operationally focused and actions will be achieved through:
As part of the membership in the MS-ISAC, in order to achieve a higher state of readiness and resilience to help protect our CI, each MS-ISAC Member understands that the following principles of conduct will guide their actions:
- Agree to the above-stated common Mission;
- Agree to the MS-ISAC’s philosophy of collaboration and cooperation and will work collaboratively with all entities within their organization to further promote the collective mission of the MS-ISAC;
- Agree to share appropriate information between and among the Members to the greatest extent possible;
- Agree to collaborate and share across each of the critical sectors to reduce traditional stovepipes and other barriers in order to foster our collective mission;
- Agree to recognize the sensitivity and confidentiality of the information shared and received;
- Agree to protect all sensitive and confidential information received from other Members by taking all necessary steps at least as great as the precautions each Member takes to protect its own confidential information;
- Agree to transmit sensitive data to other Members only through the use of agreed-upon secure methods.
- Agree to take all appropriate steps to help protect our CI.
There shall be two categories of MS-ISAC membership. An organization shall be eligible for MS-ISAC membership provided the organization meets the following requirements for a category:
- An organization is a state, local territory and tribal (SLTT) government or a not-for-profit dedicated to supporting SLTT functions or organization. Membership can include individuals from both the cyber and physical security departments.
- Accepted the MS-ISAC Membership Terms and Condiitions or executed a MS-ISAC Membership Agreement.
- Supporting Member (SM) is a contractor that can demonstrate that they are hired to directly support the operations and/or maintenance of SLTT IT systems.
- SM must be sponsored by the MS-ISAC Member receiving the services and with the approval of the MS-ISAC Chair.
- Executes the MS-ISAC Supporting Membership Agreement.
- SM membership will end when the relationship with sponsoring MS-ISAC Member ends.
- Annually, MS-ISAC Members sponsoring a Supporting Member will be surveyed to confirm the continuing relationship.
- As a SM, the organization would receive information distributed to MS-ISAC Members including educational materials, as well as event notifications and warnings. SMs would not be permitted to share information gained through the MS-ISAC membership that is not available to the general public with affiliates. SMs shall not be entitled to other MSISAC Member services, including, without limitation, incident response services (unless requested by a SLTT entity), Member requested research and educational awareness materials.
- Member: refers to any individual from either a MS-ISAC Member or Suporting Member.
- Primary Member: the designated individual point of contact (POC) for an organization.
- Chair: this individual is appointed by the president of the Center for Internet Security, Inc. Chair directs the day-to-day functions of the MS-ISAC and coordinates activities and funding with the Federal Government.
- MS-ISAC Executive Committee (EC) Member: refers to a MS-ISAC Member who is elected by the SLTT membership to assist in governance for the MS-ISAC.
- Formal vote: refers to an official vote for which it is announced in advance that votes will be counted. This may occur during the course of a meeting or via email balloting.
- Each MS-ISAC Member may appoint (2) two Primary Members to officially represent them on the MS-ISAC. One of these members must be the Chief Information Security Officer or person identified as being responsible for cyber security duties for the SLTT.
- Each Supporting Member may appoint (2) Primary Members to officially represent them on the MS-ISAC. One of these Primary Members must be directly responsible for providing services or systems to an MS-ISAC Member.
- An SLTT may designate as many individuals as it would like to participate as Members in the MS-ISAC and attend meetings and functions as appropriate.
- A roster of Members will be maintained by the Chair and each Primary Member will keep the information pertaining to their state/local/territory/tribe updated in a secure manner on the MS-ISAC portal.
- MS-ISAC meetings are open to all Members.
- MS-ISAC Members may recommend and with the Chair’s approval, invite guests to attend MS-ISAC meetings.
- Meetings may provide opportunities for Members to make recommendations. Voting on such recommendations will be by a simple majority of the individuals participating in the vote.
- The MS-ISAC Chair or designee will determine when meeting minutes and other MS-ISAC-developed documents may be released beyond the MS-ISAC membership.
MS-ISAC Executive Committee
There shall be a seventeen (17) member Executive Committee for the MS-ISAC. Any SLTT MS-ISAC Member may be nominated to service on the EC. There may only be one member per entity elected to the EC. Emeritus EC members are appointed by the MS-ISAC Chair. The Executive Committee will consist of the following:
- A Chair person
- Two (2) members from tribal governments
- Two (2) members will be from fusion centers
- Four (4) members from local government of which two (2) will be from County government
- Eight (8) members from state/territory governments and
- A maximum of two (2) non-voting MS-ISAC EC Emeritus individuals may be appointed.
The role and responsibilities are:
- The term of EC members is three (3) years, except for the Chair.
- EC members will be voted upon according to the following:
a. MS-ISAC state and territory Primary members only will vote for state and territory EC positions.
b. MS-ISAC local Primary members only will vote for local government EC positions.
c. MS-ISAC Tribal Government Primary members only will vote for tribal government EC position.
d. MS-ISAC Fusion Center Primary members only will vote for Fusion Center EC positions.
Those members with the most votes will be selected for the EC. In the case of a tie, the Chair will make the selection. If an EC member leaves before the end of a term, their seat will be appointed by the Chair.
- The EC will vote on matters brought to its attention coming from work groups or the members at large. Each Committee member will have one vote on matters presented by the Chair for vote by the EC, with a tie vote being broken by the Chair. A simple majority will be sufficient to carry the vote.
- The EC will meet monthly by phone/webcast or in person. Only EC members, assigned MS-ISAC staff and invited quests are allowed to attend EC meetings. Attendance at EC meetings cannot be delegated to another individual.
- EC members are expected to be ambassadors for the MS-ISAC by promoting and supporting its mission, by participating in reporting and other activities of the MS-ISAC, and by encouraging other Members to participate in the activities of the organization.
- EC members must be willing and able to attend monthly conference call/webcasts.
- The EC will help to develop and approve the goals of all workgroups.
- The EC will be responsible for advising the chair on strategic direction of the MS-ISAC.
MS-ISAC EC Emeritus Member
The MS-ISAC gain significant value, experience, knowledge, and continued synergy with member(s) appointed to Emeritus status. Past MS-ISAC Members who served the MS-ISAC EC with outstanding leadership and consistent efforts now are honored in continuing their outstanding efforts and their passion in holding this status as an honor that supports the Mission of the MS-ISAC.
To obtain Emeritus member status for the MS-ISAC EC - the individual was a member of the MS-ISAC EC for a minimum of two-elected terms. This status is confirmed and appointed by the MS-ISAC Chair.
The role and responsibilities are:
- The term of EC Emeritus members (ECEM) is 3 years, approved by the MS-ISAC Chair.
- An individual’s Emeritus status is not associated to SLTT entity or private-sector.
- The ECEM will not vote on matters brought to the attention of the EC.
- The EC will meet monthly by phone/webcast or in person. Only EC members and ECEM, assigned MS-ISAC staff and invited quests are allowed to attend Executive Committee meetings. Attendance at Executive Committee meetings cannot be delegated to another individual.
- ECEM are expected to be ambassadors for the MS-ISAC by promoting and supporting its mission, by participating in reporting and other activities of the MS-ISAC, and by encouraging other Members to participate in the activities of the organization.
- The ECEM will assist in providing their leadership and insight on security practices, as well as to assist in the development of the goals of all workgroups.
- The EC and ECEM are responsible for advising the chair on strategic direction of the MS-ISAC.
The MS-ISAC may appoint workgroups or subcommittees to deal with specific matters. At least one of the co-chairs of the workgroup will be an Executive Committee Member. Other co-chairs will be MS-ISAC Members and may include subject matter experts from entities that are not Members of the MS-ISAC.
Any changes made to this charter will be done by a majority vote of the EC members voting.
- Original Charter Adopted October 2004
- Updated version adopted September 2009
- Updated version adopted March 2013
- Updated version adopted May 06, 2014
- Updated version adopted December 27, 2015
- Updated version adopted September 24, 2018