MS-ISAC® Membership FAQ

Membership is open to all U.S. SLTT government entities.

The only requirement is agreement to the Terms and Conditions, which outlines a member’s responsibilities to protect information that is shared.

Yes. Each organization designates a “Primary Member” who is then responsible for authorizing additional individuals in their organization to become members.

Yes. The MS-ISAC works closely with federal partners at DHS, along with Federal Bureau of Investigation, U.S. Secret Service and others to better share information on emerging threats. The MS-ISAC also has strong relationships with major internet service providers, cybersecurity firms, researchers, and software developers.

Register for MS-ISAC Membership  or contact us: [email protected].

Membership benefits include direct access to cybersecurity advisories and alerts, vulnerability assessments and incident response for entities experiencing a cyber threat, secure information sharing through the Homeland Security Information Network (HISN) portal, tabletop exercises, a weekly malicious domains/IP report, multiple DHS initiatives, CIS SecureSuite Membership, MS-ISAC National Webinar, and more.

Yes. In addition to advisories and information bulletins regarding the latest cyber threats and vulnerabilities, the MS-ISAC provides a variety of educational, awareness, and training resources and opportunities.

Yes. The Cyber Incident Response Team (CIRT) provides SLTT governments with malware analysis, computer and network forensics, malicious code analysis/mitigation, and incident response. External vulnerability assessments are also available post a cyber incident. This service helps victims of cyber incidents to check if their remediation efforts have been effective.

There is no cost to join the MS-ISAC. It is primarily supported by the DHS to serve as the central cybersecurity resource for the nation’s SLTT governments.

Generally, the Cybersecurity and Infrastructure Security Agency (CISA) has visibility into certain data that is derived from sensors/services that are funded via the Cooperative Agreement subject to confidentiality obligations. For example,  CISA  may request and receive the full set of Albert Network Monitoring and Management data only for those Albert deployments funded via the Cooperative Agreement, which represents approximately 20% of the deployed Albert sensor fleet.

Albert: Roughly 80% of deployed Albert sensors are paid for by U.S. state and local governments. For these SLTT-funded sensors, Albert alert data and Albert NetFlow metadata is shared with Federal partners only with the explicit approval of the individual hosting state or local organization.

The deployment of the remaining Albert sensors is funded by Congressional appropriation through the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS- and EI-ISAC) to support cyber defense across the U.S. below the federal level. For these CISA-funded sensors, information shared with federal partners is limited to Albert alert data and Albert NetFlow metadata.

NCSR: For the Nationwide Cybersecurity Review (NCSR), CISA currently sees only anonymized data, such as threat data and self-reported maturity scores by sector. To date, this data is anonymized, so there is no organization-specific information included.

Cyber Incident Response: For cyber incident response cases, CIS shares information with CISA, including affected entity name, type of case, and case notes, unless the organization explicitly instructs the MS-ISAC not to do so. An organization may mark their case as TLP Red, in which case only non-attributional information will be shared with CISA.