MS-ISAC® Membership FAQ

The shift to a fee-based model is necessary due to significant decreases in federal funding for the MS-ISAC. Historically, core MS-ISAC functions and services were supported by Congressional appropriations through a Cooperative Agreement (CA). Reduced federal funding makes it essential to adopt a sustainable, member-driven approach to ensure these vital cybersecurity services remain available to SLTT governments nationwide. Federal funding for the MS-ISAC is set to end on September 30, 2025. Services previously covered by the federal government — and temporarily funded by CIS since March 6 — will also cease on that date unless a transition to a fee-based membership model is implemented.

On March 6, the federal government cancelled funding to ten categories of work affecting MS-ISAC operations, including cyber threat analysis and threat distribution, incident response services, a wide range of member onboarding and account management support, and outreach activities including webinars, training, and virtual and in-person meetings. Numerous MS-ISAC services were not affected by the funding cuts and are still supported by the Cooperative Agreement administered by DHS/CISA through September 30, 2025, including federally funded Albert Network Monitoring and Management sensors, Malicious Domain Blocking and Reporting (MDBR), and cybersecurity advisories. For a full listing of how funding cuts have impacted MS-ISAC services, visit https://learn.cisecurity.org/ms-isac-value-impact-across-america.

MS-ISAC member benefits, including tailored threat intelligence, member engagement and support, 24x7x365 SOC services, and collaborative working groups, require dedicated staff, infrastructure, and technical resources. Without sufficient and predictable funding, we cannot continue delivering these services. A paid membership model ensures continued access, quality, and innovation to meet SLTT needs amid evolving cyber threats.

The model preserves CIS’s commitment to serving “cyber underserved” SLTT organizations. By offering affordable individual membership options scaled to budget at various pricing tiers, even the smallest or most resource-constrained entities can participate and benefit.

Membership options have been developed to enable all eligible U.S. State, Local, Tribal, and Territorial (SLTT) government entities to join the MS-ISAC. Eligibility generally includes U.S. state agencies, local governments, public education institutions, public utilities, public healthcare organizations, and tribal and territorial governments. Eligibility will be confirmed during the membership enrollment process.

No. Members will continue to engage with the MS-ISAC as they do today through established channels such as account managers, working groups, webinars, and the CIS SOC.

Access to CIS Benchmarks are provided to the global community including U.S. SLTTs at no cost regardless of any CIS memberships. This is not changing under the new membership model.

CIS Hardened Images will also remain a separate, fee-based product based on usage. There is no change to the CIS Hardened Images with the MS-ISAC membership model.

The no-cost CIS SecureSuite Membership that CIS provides to SLTTs will continue independently of MS-ISAC membership and will not be tied to the new fee-based membership structure.

Existing MS-ISAC members will need to sign up under the new fee-based membership model by Sept. 30, 2025, to receive continued access to MS-ISAC benefits.

Pricing tiers for single organization memberships are based on the organization’s total overall annual operating budget, not just the IT or cybersecurity department’s budget. This approach ensures consistent, equitable tier placement across all eligible entity types, regardless of how budgets are structured internally.

The pricing tiers for MS-ISAC membership ensure all members receive the same high-value services. Membership fees are scaled to reflect each organization’s financial capacity, ensuring that cost is never a barrier to participation. Under MS-ISAC membership, all members benefit equally while contributing proportionally.

Yes. All membership fees are assessed annually and provide access to benefits for a 12-month term unless otherwise noted.

At this time, memberships are offered on an annual basis. Multi-year options may be available in the future based on member demand.

Any active user of an organization may do so.

Yes. Standard payment terms (e.g., Net 30) will apply, though in some cases, extended terms may be offered based on SLTT purchasing processes.

The continuity of the MS-ISAC depends upon members contributing to the community at the affordable, flexible pricing tiers outlined in the MS-ISAC membership model. We understand that the complexities of budget cycles and the necessary speed of this change will make it difficult for some organizations to gather sufficient funding to pay for membership. During sign-up, organizations with an annual operating budget below $25M can request financial assistance, and CIS will assess eligibility as part of the verification process.

Yes. Similar to other CIS services, organizations will agree to the MS-ISAC Terms and Conditions upon initial enrollment and will be required to reaffirm or update agreement terms upon renewal.

Yes. The renewal process will include clear options for members to cancel or opt out, as needed.

There may be a short grace period following expiration. However, access to MS-ISAC services, will ultimately require an active membership.

Your membership subscription will begin on the date the invoice for your MS-ISAC membership is issued. You will have 30 days from the invoice date to submit payment. Your membership access will remain active during this period. If payment is not received within 30 days, your membership will be revoked until payment is completed.

Membership applies to the organization as defined at the time of enrollment. If major changes occur (e.g., mergers, restructures), MS-ISAC will work with members to appropriately align the membership under the new organizational structure.

The fee-based membership model is designed to create long-term sustainability for MS-ISAC services. If further federal funding reductions occur, member fees will increase in order to fund the benefits no longer funded through the federal government. The increased cost without federal funding for all pricing tiers of the single organization membership can be found at: https://learn.cisecurity.org/MS-ISAC-Single-Org-Membership-Model.

Should federal funding be restored, the MS-ISAC will engage with the Executive Committee to establish a fair and equitable framework for revising pricing and addressing any implications for members who have already purchased a membership. CIS is committed to being transparent and responsive to changes in the funding environment, with the goal of reducing financial burdens on members when feasible.

MS-ISAC will regularly review offerings and pricing in coordination with members. Adjustments may occur to ensure sustainability, improve value, or respond to changes in funding or cybersecurity threats.

Yes. Carahsoft is currently the exclusive authorized reseller for MS-ISAC single organization memberships. Additional resellers may be considered in the future and more details will follow.

You can use the NASPO ValuePoint contract, and soon the GSA Schedule 70 will be available. Carahsoft accepts credit cards and ACH transfers, with a secure portal for credit card payments.

Pricing may be slightly lower due to contract-based discounts, but the services included in the membership are identical regardless of the purchase method.

Carahsoft typically provides a quote within one business day, and membership activates within one business day of order confirmation. The onboarding and renewal processes are the same as purchasing directly from CIS.