MS-ISAC Services

Overview

The mission of the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) is to improve the overall cybersecurity posture of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through coordination, collaboration, cooperation, and increased communication.

There is no cost to join the MS-ISAC, and membership is open to all U.S. SLTT government organizations. The only requirement is agreeing to the Terms and Conditions, which outlines a member’s responsibilities to protect information that is shared.

Membership benefits fall into two categories: no-cost MS-ISAC services, and services provided by the Center for Internet Security® (CIS®) for an additional fee.

For California, the Malicious Domain Blocking and Reporting (MDBR) service has been effective as an additional source of threat intelligence. This capability adds an additional element of automation in our security operations processes and playbooks, resulting in greater efficiencies. The preventive blocking and reporting provides metrics on true positive and high-fidelity events, allowing our internal teams to focus on more sophisticated attacks.”
Chief Information Security Officer
State of California

Security Operations Center (SOC)

The MS-ISAC operates within the SOC, which is a 24x7x365 joint security operations and analysis unit that monitors, analyzes, and responds to cyber incidents targeting SLTT entities. The SOC provides real-time network monitoring and notification, early cyber threat warnings and advisories, and vulnerability identification and mitigation.

You can contact the SOC directly by calling 866-787-4722 or emailing [email protected].

Malicious Domain Blocking and Reporting (MDBR)

MDBR is a highly effective, no-cost solution available to both MS-ISAC and EI-ISAC members that proactively blocks network requests from known harmful web domains, helping protect IT systems against cybersecurity threats such as malware, phishing, and ransomware. Members receive weekly reports summarizing the potentially malicious requests that MDBR has detected. They can also implement MDBR in minutes on their existing systems without additional hardware or software.

Learn more about MDBR

Cyber Incident Response Team (CIRT)

CIRT provides SLTT organizations with malware analysis, computer and network forensics, malicious code analysis/mitigation, and incident response. External vulnerability assessments are also available following a cyber incident. This service helps victims of cyber incidents to check if their remediation efforts have been effective.

Report an incident

Cybersecurity Advisories

Our cybersecurity experts disseminate short, timely emails containing technical information about software and hardware vulnerabilities.

Sign up for the newsletter and advisory notifications.

Cyber Threat Intelligence (CTI)

The CTI team collects, analyzes, and delivers actionable intelligence to operators and decision-makers responsible for defending SLTT government organizations. CTI maintains a curated, real-time, bi-directional indicator sharing platform that makes indicators available in the industry standard STIX/TAXII format and available for integration into local security operations. This platform is tailored specifically for SLTTs.

Real-Time Indicator Feeds

MS-ISAC leverages both internal and external sources to create the only intelligence feed tailored for SLTTs. Members can use carefully vetted and verified indicators, including malicious domains and file hashes, to automate defenses across their local network without additional equipment in most cases. They also have the option to choose from multiple collections of indicators derived from a range of resources.

Learn more about our real-time indicator feeds

Malicious Code Analysis Platform (MCAP)

MCAP is a no-cost web-based sandbox. It enables MS-ISAC and EI-ISAC members to submit suspicious files such as executables, DLLs, documents, quarantine files, and archives for analysis in a controlled and non-public fashion. The platform also enables users to perform threat analysis based on domain, IP address, URL, hashes, and various Indicators of Compromise (IOCs).

Nationwide Cybersecurity Review (NCSR)

The Senate Appropriations Committee has requested an ongoing effort to chart nationwide progress in cybersecurity and identify emerging areas of concern. In response, DHS has partnered with the MS-ISAC, NASCIO, and NACo to develop and conduct the NCSR. It's a no-cost, anonymous, annual self-assessment designed to evaluate your cybersecurity maturity.

Learn how to participate in the NCSR

Information Sharing, Cybersecurity Awareness, and Education

The MS-ISAC Community

In the MS-ISAC, working groups comprised of dedicated MS-ISAC members share their ideas and experiences.

Learn more about MS-ISAC Working Groups

Other Benefits of Working with the MS-ISAC Community

The Homeland Security Information Network (HSIN)

Through the Homeland Security Information Network (HSIN), MS-ISAC members can access a library of cybersecurity resources. This portal also provides contact information and allows for secure email and document sharing.

Access the HSIN portal

Access to Department of Homeland Security (DHS) Initiatives

Scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors

Cyber hygine Services

Cyber Resiliency Review, NCATS, Stop.Think.Connect, and more

us-cert

Over 900 hours of free cybersecurity training for any government employee or veteran.

FedVTE

Resources designed to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.

Stop Ransomware

Security clearances for state Chief Information Security Officers

Regional and national security exercises

CIS SecureSuite® Membership

Membership is available at no cost to U.S. SLTTs, and gives organizations access to a collection of integrated cybersecurity resources. The tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. Current MS-ISAC members can access CIS SecureSuite resources by visiting CIS WorkBench. Non-MS-ISAC members can enroll in CIS SecureSuite Membership.

Enroll in CIS SecureSuite Membership

Deloitte’s Cyber Detect & Respond Portal

Deloitte's Cyber Detect and Respond Portal helps members of MS-ISAC and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®) to obtain industry-leading and continually updated CTI. Platform users can also choose to attend bi-weekly, one-hour webcasts on current and high-risk cyber threats such as attack campaigns, threat actor tactics and techniques, and new ransomware strains. Register for the Cyber Detect and Respond Portal using your work email address.

Register for the Cyber Detect and Respond Portal

Review Portals User Reference Guide

No-Cost MS-ISAC Services
For California, the Malicious Domain Blocking and Reporting (MDBR) service has been effective as an additional source of threat intelligence. This capability adds an additional element of automation in our security operations processes and playbooks, resulting in greater efficiencies. The preventive blocking and reporting provides metrics on true positive and high-fidelity events, allowing our internal teams to focus on more sophisticated attacks.”
Chief Information Security Officer
State of California

Security Operations Center (SOC)

The MS-ISAC operates within the SOC, which is a 24x7x365 joint security operations and analysis unit that monitors, analyzes, and responds to cyber incidents targeting SLTT entities. The SOC provides real-time network monitoring and notification, early cyber threat warnings and advisories, and vulnerability identification and mitigation.

You can contact the SOC directly by calling 866-787-4722 or emailing [email protected].

Malicious Domain Blocking and Reporting (MDBR)

MDBR is a highly effective, no-cost solution available to both MS-ISAC and EI-ISAC members that proactively blocks network requests from known harmful web domains, helping protect IT systems against cybersecurity threats such as malware, phishing, and ransomware. Members receive weekly reports summarizing the potentially malicious requests that MDBR has detected. They can also implement MDBR in minutes on their existing systems without additional hardware or software.

Learn more about MDBR

Cyber Incident Response Team (CIRT)

CIRT provides SLTT organizations with malware analysis, computer and network forensics, malicious code analysis/mitigation, and incident response. External vulnerability assessments are also available following a cyber incident. This service helps victims of cyber incidents to check if their remediation efforts have been effective.

Report an incident

Cybersecurity Advisories

Our cybersecurity experts disseminate short, timely emails containing technical information about software and hardware vulnerabilities.

Sign up for the newsletter and advisory notifications.

Cyber Threat Intelligence (CTI)

The CTI team collects, analyzes, and delivers actionable intelligence to operators and decision-makers responsible for defending SLTT government organizations. CTI maintains a curated, real-time, bi-directional indicator sharing platform that makes indicators available in the industry standard STIX/TAXII format and available for integration into local security operations. This platform is tailored specifically for SLTTs.

Real-Time Indicator Feeds

MS-ISAC leverages both internal and external sources to create the only intelligence feed tailored for SLTTs. Members can use carefully vetted and verified indicators, including malicious domains and file hashes, to automate defenses across their local network without additional equipment in most cases. They also have the option to choose from multiple collections of indicators derived from a range of resources.

Learn more about our real-time indicator feeds

Malicious Code Analysis Platform (MCAP)

MCAP is a no-cost web-based sandbox. It enables MS-ISAC and EI-ISAC members to submit suspicious files such as executables, DLLs, documents, quarantine files, and archives for analysis in a controlled and non-public fashion. The platform also enables users to perform threat analysis based on domain, IP address, URL, hashes, and various Indicators of Compromise (IOCs).

Nationwide Cybersecurity Review (NCSR)

The Senate Appropriations Committee has requested an ongoing effort to chart nationwide progress in cybersecurity and identify emerging areas of concern. In response, DHS has partnered with the MS-ISAC, NASCIO, and NACo to develop and conduct the NCSR. It's a no-cost, anonymous, annual self-assessment designed to evaluate your cybersecurity maturity.

Learn how to participate in the NCSR

Information Sharing, Cybersecurity Awareness, and Education

The MS-ISAC Community

In the MS-ISAC, working groups comprised of dedicated MS-ISAC members share their ideas and experiences.

Learn more about MS-ISAC Working Groups

Other Benefits of Working with the MS-ISAC Community

The Homeland Security Information Network (HSIN)

Through the Homeland Security Information Network (HSIN), MS-ISAC members can access a library of cybersecurity resources. This portal also provides contact information and allows for secure email and document sharing.

Access the HSIN portal

Access to Department of Homeland Security (DHS) Initiatives

Scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors

Cyber hygine Services

Cyber Resiliency Review, NCATS, Stop.Think.Connect, and more

us-cert

Over 900 hours of free cybersecurity training for any government employee or veteran.

FedVTE

Resources designed to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.

Stop Ransomware

Security clearances for state Chief Information Security Officers

Regional and national security exercises

CIS SecureSuite® Membership

Membership is available at no cost to U.S. SLTTs, and gives organizations access to a collection of integrated cybersecurity resources. The tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. Current MS-ISAC members can access CIS SecureSuite resources by visiting CIS WorkBench. Non-MS-ISAC members can enroll in CIS SecureSuite Membership.

Enroll in CIS SecureSuite Membership

Deloitte’s Cyber Detect & Respond Portal

Deloitte's Cyber Detect and Respond Portal helps members of MS-ISAC and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®) to obtain industry-leading and continually updated CTI. Platform users can also choose to attend bi-weekly, one-hour webcasts on current and high-risk cyber threats such as attack campaigns, threat actor tactics and techniques, and new ransomware strains. Register for the Cyber Detect and Respond Portal using your work email address.

Register for the Cyber Detect and Respond Portal

Review Portals User Reference Guide

Additional Fee-Based CIS Services
Prior to Albert, I had no mechanism for fully analyzing my incoming and (just as importantly) outgoing electronic traffic. I now have a reliable, affordable, and trusted source that inspects ALL of my traffic in both directions.”
Wesley Wilcox
Marion County, Florida Elections

Albert Network Monitoring and Management®

Albert is a cost-effective Intrusion Detection System (IDS) available to SLTT entities, including election organizations, critical infrastructure, and public education. This service is committed to building and maintaining the most comprehensive set of detection rules and signatures in order to quickly and accurately identify threats that impact SLTT entities.

Learn more about Albert

CIS Managed Security Services

Our 24x7x365 SOC provides SLTT entities with cost-effective log and security event monitoring of existing devices including, but not limited to, IDS/IPS, firewalls, switches and routers, servers, endpoints, and web proxies. Our SOC escalates actionable items to organizations as alerts and is always on hand to answer questions regarding alerts or notifications.

Learn more about MSS

CIS Endpoint Security Services (ESS)

CIS ESS offers device-level protection and response to strengthen an organization’s cybersecurity program. It provides active defense against both known (signature-based) and unknown (behavioral-based) malicious activity as well as effective defense against encrypted malicious traffic. Fully monitored and managed by our SOC, the service includes various measures to protect endpoint devices.

Learn more about ESS

Vulnerability and Risk Management

CIS provides cost-effective vulnerability management solutions for networks and web applications, as well as penetration testing and phishing engagements. These services include network discovery and mapping, vulnerability assessment reporting, testing vulnerabilities for false-positives, identifying high-value assets, prioritizing vulnerabilities based on risk, and conducting custom phishing simulations.

CIS CyberMarket®

The CIS CyberMarket helps SLTT entities improve their cybersecurity posture through expert guidance and cost-effective procurement. It builds public and private partnerships and works to enhance collaboration that improves the nation’s cybersecurity posture. The CIS CyberMarket makes cybersecurity purchasing effective, easy, and economical by providing discounts on training, software, and consulting services.

Learn more about CyberMarket


Solutions for Stronger Cyber Defense

Learn how Cybersecurity Services help build a stronger cyber defense program

Check out our MS-ISAC Services Guide

We value your questions and feedback

At CIS, we are committed to serving the greater IT security community.

Contact Us Today