MS-ISAC® Membership FAQ
Overview and Purpose
Why is the MS-ISAC moving to a fee-based membership model?
The shift to a fee-based model is necessary due to significant decreases in federal funding for the MS-ISAC. Historically, core MS-ISAC functions and services were supported by Congressional appropriations through a Cooperative Agreement (CA). Reduced federal funding makes it essential to adopt a sustainable, member-driven approach to ensure these vital cybersecurity services remain available to SLTT governments nationwide. Federal funding for the MS-ISAC is set to end on September 30, 2025. Services previously covered by the federal government — and temporarily funded by CIS since March 6 — will also cease on that date unless a transition to a fee-based membership model is implemented.
Which MS-ISAC services have been defunded by the federal government and which are still being funded under the Cooperative Agreement?
On March 6, the federal government cancelled funding to ten categories of work affecting MS-ISAC operations, including cyber threat analysis and threat distribution, incident response services, a wide range of member onboarding and account management support, and outreach activities including webinars, training, and virtual and in-person meetings. Numerous MS-ISAC services were not affected by the funding cuts and are still supported by the Cooperative Agreement administered by DHS/CISA through September 30, 2025, including federally funded Albert Network Monitoring and Management sensors, Malicious Domain Blocking and Reporting (MDBR), and cybersecurity advisories. For a full listing of how funding cuts have impacted MS-ISAC services, visit https://learn.cisecurity.org/ms-isac-value-impact-across-america.
Why can't the MS-ISAC continue to offer these services for free?
MS-ISAC member benefits, including tailored threat intelligence, member engagement and support, 24x7x365 SOC services, and collaborative working groups, require dedicated staff, infrastructure, and technical resources. Without sufficient and predictable funding, we cannot continue delivering these services. A paid membership model ensures continued access, quality, and innovation to meet SLTT needs amid evolving cyber threats.
How will the new model support underserved or smaller jurisdictions?
The model preserves CIS’s commitment to serving “cyber underserved” SLTT organizations. By offering affordable individual membership options scaled to budget at various pricing tiers, even the smallest or most resource-constrained entities can participate and benefit.
Membership Eligibility and Access
Who qualifies for MS-ISAC membership under the new model?
Membership options have been developed to enable all eligible U.S. State, Local, Tribal, and Territorial (SLTT) government entities to join the MS-ISAC. Eligibility generally includes U.S. state agencies, local governments, public education institutions, public utilities, public healthcare organizations, and tribal and territorial governments. Eligibility will be confirmed during the membership enrollment process.
Will this change how my organization engages with the MS-ISAC day-to-day?
No. Members will continue to engage with the MS-ISAC as they do today through established channels such as account managers, working groups, webinars, and the CIS SOC.
Is access to CIS Benchmarks and Hardened Images impacted by MS-ISAC membership? Will SLTTs who are not members continue to have access to CIS SecureSuite under the new model?
Access to CIS Benchmarks is provided to the global community, including U.S. SLTTs, at no cost regardless of any CIS memberships. This is not changing under the new membership model.
CIS Hardened Images will also remain a separate, fee-based product based on usage. There is no change to the CIS Hardened Images with the MS-ISAC membership model.
The no-cost CIS SecureSuite Membership that CIS provides to SLTTs will continue independently of MS-ISAC membership and will not be tied to the new fee-based membership structure.
When will my organization lose access to MS-ISAC benefits if we do not sign up for a membership?
Existing MS-ISAC members will need to sign up under the new fee-based membership model by Sept. 30, 2025, to receive continued access to MS-ISAC benefits.
Membership Tiers and Annual Operating Budget
How do we determine our membership tier?
To determine which Tier an organization belongs in, we will be using a self-attestation model. Given the wide variety of budget structures across the thousands of SLTT members in the MS-ISAC—including pass-through funding, budgets that include unrelated or semi-autonomous entities, and capital/project-heavy models—each organization is best positioned to determine which budget components most accurately reflect their operational scope. The Price Tier that you select should align with the Organizations and Entities that will be covered or supported by you and the services you receive from the MS-ISAC Membership.
If your organization’s budget includes separate or independent entities (e.g., school districts, libraries, utilities, or other departments with independent governance or funding), you may exclude those portions when determining your Tier. These entities are expected to register separately, using their own operating budgets.
If you feel there are areas of your budget that should not be considered when determining your membership Tier, you can and should exclude those when making your determination.
How are membership tiers determined for a single organization membership?
Pricing tiers for single organization memberships are based on the organization’s total overall annual operating budget, not just the IT or cybersecurity department’s budget. This approach ensures consistent, equitable tier placement across all eligible entity types, regardless of how budgets are structured internally.
How do I determine my Operating Budget?
Your Operational Budget is your annual financial plan that outlines the expected revenues and expenditures for the day-to-day functioning of the departments and organization to be supported via the MS-ISAC Membership.
It typically includes all of the recurring, day-to-day expenses of the organization, such as salaries and wages, supplies, travel, facilities, and contracted services.
It would exclude any passthrough budget allocated to autonomous entities and capital expenditures which focus on long-term investments like infrastructure projects.
How do I determine if my organization's elections office is separate or should be covered by the county’s account?
To determine if your elections office should have separate membership or be included under the county’s membership, consider the following:
- Is the elections office an autonomous entity from an IT infrastructure standpoint, or is it managed by the county?
  - If it is not autonomous and the county oversees its IT infrastructure, the elections office can be included in the county’s membership.
  - If the elections office is autonomous, does its operating budget fall under the county’s budget?
    - Yes: The elections office should apply for membership separately and their budget can be removed from your operating budget.
    - No: The elections office should apply for its own membership.
Specific to schools and universities: When determining Annual Operating Budget, should we use the budget for our entire school system or is each school expected to sign up on their own?
The Price Tier that you select should align with the Organizations and Entities that will be covered or supported by you and the services you receive from the MS-ISAC Membership. If the services are utilized at the university system level and not the individual school level, you should use the Annual Operating Budget of the entire school system. If each school is looking to utilize our services in a unique capacity, each school would need to purchase their own membership.
Are membership fees billed annually?
Yes. All membership fees are assessed annually and provide access to benefits for a 12-month term unless otherwise noted.
Can multi-year memberships be purchased?
At this time, memberships are offered on an annual basis. Multi-year options may be available in the future based on member demand.
If the benefits are the same for all organizations, why do larger organizations need to pay more?
The pricing tiers for MS-ISAC membership ensure all members receive the same high-value services. Membership fees are scaled to reflect each organization’s financial capacity, ensuring that cost is never a barrier to participation. Under MS-ISAC membership, all members benefit equally while contributing proportionally.
My IT Department’s budget/staff is very small. Why are you charging a fee based on the overall annual operating budget?
The decision to base the MS-ISAC Single Organization membership cost on an organization’s total annual operating budget—rather than solely on IT budget or staff size—was made to ensure a fair and scalable funding structure that reflects the overall capacity of each member organization, as the benefits to this membership will impact the entire organization.
While we understand that some entities may have modest IT departments or limited cybersecurity resources, the cybersecurity risks and responsibilities they face are often proportional to the scope and complexity of their overall operations, not just their IT footprint. By using the total operating budget as a baseline, we aim to:
- Promote equity among diverse member organizations
- Sustain critical services like 24/7 threat monitoring, incident response, and intelligence sharing
- Ensure long-term viability of the MS-ISAC’s support for all SLTTs, regardless of size
We recognize that this model may not perfectly align with every organization’s internal structure, and we’re committed to working with members to ensure they receive maximum value from their membership.
We are a very small organization and will struggle to find budget to purchase membership. Are there any options for small organizations like ours?
We understand that smaller organizations often operate with limited resources, and we’re committed to making our membership accessible and valuable regardless of size. If your organization has an operating budget under $25 million and is unable to allocate the full $995 membership fee due to budget constraints, you may qualify for financial assistance. We offer several flexible options to support small organizations:
- 12-month membership with 6 months deferred billing
- 50% off a 12-month membership
- 12-month membership with no payment required
These options are designed to ensure that cost isn’t a barrier to accessing the cybersecurity support and resources we provide.
Who can purchase a membership on behalf of an organization?
Any active user of an organization may do so.
Will payment terms be offered?
Yes. Standard payment terms (e.g., Net 30) will apply, though in some cases, extended terms may be offered based on SLTT purchasing processes.
What if my organization cannot afford membership at current prices?
The continuity of the MS-ISAC depends upon members contributing to the community at the affordable, flexible pricing tiers outlined in the MS-ISAC membership model. We understand that the complexities of budget cycles and the necessary speed of this change will make it difficult for some organizations to gather sufficient funding to pay for membership. During sign-up, organizations with an annual operating budget below $25M can request financial assistance, and CIS will assess eligibility as part of the verification process.
My organization has a lot of pass-through funding, which significantly inflates our operating budget. Can we exclude those from our Annual Operating Budget?
The process we will be using to determine which Tier an organization belongs in will be a “self-attestation” model. For organizations with pass-through funding (such as the purchase of power and grant money being triaged through your organization), you should exclude those from your Annual Operating Budget, as they do not reflect core operating expenses.
Membership Terms and Renewal
How do I receive a quote for membership?
To receive a quote for the MS-ISAC membership, please continue to the CIS Portal and register for the MS-ISAC membership. After you select your organization's tier, there is an “Edit Billing Information” drop-down that contains a comment area. This is where you can request a quote or other information. Our Operations team will follow up with your organization after the registration is submitted.
My organization has specific forms that need to be filled out by Center for Internet Security before we can purchase membership. Who do I need to contact to get these forms filled out?
To request specific forms to be filled out and completed for the MS-ISAC membership, please continue to the CIS Portal and register for the MS-ISAC membership. After you select your organization's tier, there is an “Edit Billing Information” drop-down that contains a comment area. This is where you can request a form to be completed or other information. Our Operations team will follow up with your organization after the registration is submitted.
Will organizations need to sign membership agreements annually?
Yes. Similar to other CIS services, organizations will agree to the MS-ISAC Terms and Conditions upon initial enrollment and will be required to reaffirm or update agreement terms upon renewal.
Will there be an easy way for members to cancel or opt out of auto-renewal?
Yes. The renewal process will include clear options for members to cancel or opt out, as needed.
If I let my membership lapse, will I lose access to services immediately?
There may be a short grace period following expiration. However, access to MS-ISAC services will ultimately require an active membership.
When will my membership subscription start?
Your membership subscription will begin on the date the invoice for your MS-ISAC membership is issued. You will have 30 days from the invoice date to submit payment. Your membership access will remain active during this period. If payment is not received within 30 days, your membership will be revoked until payment is completed.
Can membership be transferred if an organization is merged or restructured?
Membership applies to the organization as defined at the time of enrollment. If major changes occur (e.g., mergers, restructures), MS-ISAC will work with members to appropriately align the membership under the new organizational structure.
When will I be invoiced after signing up for membership?
If you are purchasing membership through CIS, you will receive an invoice within 1 business day. If your organization is purchasing membership through Carahsoft, you will receive a quote from Carahsoft within 1 business day. The timing of the invoice from Carahsoft will depend on how long it takes your organization to approve the Carahsoft quote.
Who will the membership invoice be coming from?
This depends on the process the organization followed within the CIS Portal. If the organization chose to go through our reseller Carahsoft, then the invoice will be from Carahsoft.
If the organization did not go through Carahsoft, then the invoice will come from:
Center for Internet Security, Inc.
PO Box 536014
Pittsburgh, Pennsylvania 15253-5902
My organization is currently utilizing a paid service (Albert, ESS, MDBR+, etc). Will we need to purchase a membership to continue using our service?
CIS will honor the length of the contracted service, and the organization will continue to use its service until the end of that service term. When it is time for renewal, MS-ISAC membership will be required to purchase the service. Organizations will lose other MS-ISAC member benefits on 10/1 if they have not become members.
Can you tell me if my State has purchased the state-wide membership option?
The State CIO and CISOs have been provided with all available information on the Statewide option. At this point, we don't have anything additional to share.
Is MS-ISAC Membership required to purchase add on services at cost?
Yes, starting October 1st, MS-ISAC membership is required to be able to purchase any add-on services at cost.
If your organization is currently utilizing an add-on/paid service, CIS will honor the length of the contracted service, and your organization will continue to use its service until the end of that service term. When it is time for renewal, MS-ISAC membership will be required to purchase the service.
How will the NCSR be affected?
The NCSR is a product owned by CISA that we are responsible for facilitating. As of today, it is unclear what decision will be made regarding the NCSR and its connection to MS-ISAC membership. As we hear more regarding the status of the FY 25/26 Cooperative Agreement, we will ensure all of our members are as up to date as possible.
Will SecureSuite still be free for the SLTT community?
CIS SecureSuite will continue to be no-cost for the SLTT community and does not require MS-ISAC Membership.
What will happen if my organization purchases a single membership and then the State decides to purchase a state-wide membership later? Will my organization get a refund?
If an organization pays for a single membership and then the state signs up for state-wide membership, that organization can decide if they want a refund or if they want a credit towards other/future purchases. The amount will be based on time elapsed. For example, if an organization is halfway through their term, and the state then signs up, we refund or credit 50% of their fee.
Will the new membership fee already apply tax exemption status or will I need to submit my tax exemption form?
The new MS-ISAC Membership will apply tax exemption status by default.
Can EI-ISAC Members purchase MS-ISAC membership?
All current MS and EI-ISAC members are eligible for MS-ISAC membership.
What are the key dates for the new MS-ISAC Membership?
MS-ISAC Membership is now available for purchasing via the CIS Portal.
Organizations that register for the new MS-ISAC membership before September 1, 2025, will be enrolled in an 18-month membership at a 12-month membership price. The price of the membership will also be locked in regardless of what happens with the Cooperative Agreement funding. Once an organization is enrolled in membership, their services and membership will start immediately.
Starting October 1, 2025, service disruptions will occur for organizations that did not register for membership, and they will need to purchase membership to obtain MS-ISAC benefits and services.
We are currently utilizing federally funded Endpoint Detection & Response. Will this continue with Membership so we don’t lose any protection?
If you are receiving our Endpoint Detection & Response service through the current federal funding, with the purchase of MS-ISAC membership, you will retain access to this service through September 30th, 2026 at no additional cost. Beyond September 30th, 2026, we cannot guarantee (federal) funding/inclusion with membership for this service will continue. We will continue to update our current users, as more information on continuation becomes available.
I am currently using no-cost services through CIS. Will any services remain no-cost?
The only services that will remain no-cost are the following:
- CIS Benchmarks
- CIS-CAT
- Community Defense Model
- CIS Controls Navigator
- CIS CSAT Ransomware Business Impact Analysis Tool
- CIS RAM
- CIS SecureSuite©
- CIS Workbench
- TLP: CLEAR Threat Intelligence Feed (automated indicators that are derived from open sources or are no longer actively being seen in MS-ISAC member cases, i.e., reduced from TLP:AMBER down)
- TLP: CLEAR CTI Reporting (finished analysis from the CTI team, such as blogs and whitepapers, delivered after it has been scrubbed for TLP:GREEN and above content and provided approximately 2 weeks after being disseminated to members)
- SOC Advisories available via the CIS website or CIS Portal (typically within 72 hours following email delivery to members)
Funding and Service Continuity
What is the Cooperative Agreement (CA)?
The Cooperative Agreement is the federal funding provided by the U.S. Department of Homeland Security (DHS) to the Center for Internet Security (CIS) to support the Multi-State Information Sharing and Analysis Center (MS-ISAC). On March 6, the federal government cancelled funding to ten categories of work affecting MS-ISAC operations, including cyber threat analysis and threat distribution, incident response services, a wide range of member onboarding and account management support, and outreach activities including webinars, training, and virtual and in-person meetings.
What happens if federal funding is further reduced or eliminated?
The fee-based membership model is designed to create long-term sustainability for MS-ISAC services. If further federal funding reductions occur, member fees will increase in order to fund the benefits no longer funded through the federal government. The increased cost without federal funding for all pricing tiers of the single organization membership can be found at: https://learn.cisecurity.org/MS-ISAC-Single-Org-Membership-Model.
What happens if federal funding is restored in future years?
Should federal funding be restored, the MS-ISAC will engage with the Executive Committee to establish a fair and equitable framework for revising pricing and addressing any implications for members who have already purchased a membership. CIS is committed to being transparent and responsive to changes in the funding environment, with the goal of reducing financial burdens on members when feasible.
Could services or pricing change in the future based on funding or member needs?
MS-ISAC will regularly review offerings and pricing in coordination with members. Adjustments may occur to ensure sustainability, improve value, or respond to changes in funding or cybersecurity threats.
Membership Purchasing through a Reseller
Can I purchase an MS-ISAC membership through a reseller like Carahsoft?
Yes. Carahsoft is currently the exclusive authorized reseller for MS-ISAC single organization memberships. Additional resellers may be considered in the future and more details will follow.
Do I have to purchase through Carahsoft?
No, you do not have to purchase membership through Carahsoft. This option is available for organizations who cannot purchase direct from CIS.
Can I obtain a quote through Carahsoft on the CIS Portal?
Yes, you can obtain a quote and purchase membership through Carahsoft via the CIS Portal.
What contract vehicles and payment methods are available through Carahsoft?
You can use the NASPO ValuePoint contract, and soon the GSA Schedule 70 will be available. Carahsoft accepts credit cards and ACH transfers, with a secure portal for credit card payments.
Is there a difference in pricing or services when purchasing through Carahsoft?
Pricing may be slightly lower due to contract-based discounts, but the services included in the membership are identical regardless of the purchase method.
How does the procurement and renewal process work through Carahsoft?
Carahsoft typically provides a quote within one business day, and membership activates within one business day of order confirmation. The onboarding and renewal processes are the same as purchasing directly from CIS.
Where to Get Help or Learn More?
If you have further questions or need assistance determining the best membership option for your organization, please contact MS-ISAC Member Services at [email protected], or visit our website at cisecurity.org/ms-isac
Not an SLTT entity? You can still benefit from our publicly available MS-ISAC Daily Tips, white papers, and other resources.