Included in MS-ISAC® Membership at no cost

Security Operations Center

The MS-ISAC operates within the SOC, which is a 24x7x365 joint security operations and analytical unit that monitors, analyzes and responds to cyber incidents targeting SLTT government entities. The SOC provides real-time network monitoring and notification, early cyber threat warnings and advisories, and vulnerability identification and mitigation.

Cybersecurity Advisories

The SOC disseminates short and timely emails containing technical information regarding vulnerabilities in software and hardware.

Malicious Domain Blocking and Reporting (MDBR)

The Malicious Domain Blocking and Reporting (MDBR) service is offered to MS-ISAC members in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and Akamai. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy. MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain.

Learn more about MDBR.

Cyber Incident Response Team (CIRT)

Experiencing a cybersecurity incident? Even if your SLTT organization is not yet part of the MS-ISAC, you can reach out to us for help.

Learn more about our incident response services.

Malicious Code Analysis Platform (MCAP)

MCAP is a no-cost web-based sandbox that enables MS-ISAC and EI-ISAC members to submit suspicious files, including executables, DLLs, documents, quarantine files, and archives for analysis in a controlled and non-public fashion. Additionally, the platform enables users to perform threat analysis based on domain, IP address, URL, hashes, and various Indicators Of Compromise (IOCs).

Cyber Threat Intelligence (CTI)

The CTI team collects, analyzes, and delivers actionable intelligence to operators and decision-makers responsible for defending SLTT governments. CTI maintains a curated, real-time, bi-directional indicator sharing platform which makes indicators available in the industry standard STIX/TAXII format at no cost to SLTTs and which can be integrated into local security operations. This platform is unique among the industry as it is tailored specifically for SLTTs.

Real-time Threat Indicator Feeds

MS-ISAC analysts work diligently to conduct research and gather intelligence about cyber threats targeting SLTT government and affiliated systems. The ISAC leverages both internal and external sources to create the only intelligence feed tailored for SLTTs. Carefully vetted and verified indicators, such as malicious domains and file hashes, are available for members to automate defenses within their local network. In most instances, no additional equipment is needed locally. Members have the option to choose from one or more collections.

Learn about real-time indicator feeds.

Nationwide Cybersecurity Review (NCSR)

The NCSR is a no-cost, anonymous, annual self-assessment designed to evaluate cybersecurity maturity. The Senate Appropriations Committee has requested an ongoing effort to chart nationwide progress in cybersecurity and identify emerging areas of concern. In response, DHS has partnered with the MS-ISAC, NASCIO, and NACo to develop and conduct the NCSR.

Information Sharing, Cybersecurity Awareness, and Education

Through the Homeland Security Information Network (HSIN), MS-ISAC members can access a library of cybersecurity resources. This portal also provides contact information and allows for secure email and document sharing.

Arrow Access the HSIN portal. Everything we do at CIS centers around collaboration with other cybersecurity experts. In the MS-ISAC, working groups comprised of dedicated MS-ISAC partners get together to share their ideas and experiences. Learn more about MS-ISAC Working Groups

By working with MS-ISAC members and other cybersecurity partners around the country, MS-ISAC also provides:

DHS Initiatives

On behalf of our MS-ISAC members, CIS coordinates a variety of DHS programs and initiatives:

CIS SecureSuite Membership

CIS SecureSuite Membership gives organizations around the world access to a collection of integrated cybersecurity resources such as CIS-CAT Pro Assessor, remediation content, and CIS-CAT Pro Dashboard. All of these tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. CIS SecureSuite Membership is free for U.S. SLTT government organizations.

Enroll in CIS SecureSuite Membership.

Deloitte’s Cyber Detect & Respond Portal

Deloitte’s Cyber Detect & Respond Portal (“Portal”) is a secure, online platform for obtaining industry-leading Cyber Threat Intelligence (CTI) for enhancing knowledge, understanding, and the ability to identify potential cyber threats & attacks and reduce enterprise cyber risk. MS- and EI-ISAC members are eligible to be given access to this resource at no cost. For any inquiries on how to utilize the portal, please head to the Portal Reference Guide.


CIS Services

Additional Fee Based Options


Network Security Monitoring (Albert)

One of our most popular services is the network monitoring solution known as Albert. Albert consists of an IDS sensor that gathers network data and sends it to the MS-ISAC for analysis.

Learn more about Albert.

Vulnerability and Risk Management

CIS provides cost-effective vulnerability management solutions for networks and web applications as well as penetration testing and phishing engagements. Some services include:

  • Network discovery and mapping
  • Vulnerability assessment reporting
  • Testing vulnerabilities for false-positives
  • Identification of high-value assets
  • Prioritizing vulnerabilities based on risk
  • Custom phishing campaigns

Learn about Services.

Managed Security Services (MSS)

Managed Security Services (MSS) provide 24/7 monitoring, event analysis, and notifications for multiple security devices, including:

  • Firewalls
  • IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
  • Web proxies
  • Endpoints
  • Switches/ Routers
  • Services

Learn about MSS.


Ready to improve your security posture?


Arrow Register for MS-ISAC membership


Or contact us:


ArrowMS-ISAC Services Guide 2021