Included in MS-ISAC® Membership


The MS-ISAC Security Operations Center (SOC) analyzes cyber threat information from a variety of sources and shares this information with MS-ISAC members when necessary. Advisories can include important information about threats, vulnerabilities, exploits, attacks, and compromises. In addition to these advisories, the MS-ISAC provides its members with weekly threat reports, monthly situational awareness reports, and a monthly webcast. MS-ISAC members are also invited to schedule a conference call to discuss cyber threat concerns.

Threat Notification

MS-ISAC analysts work with trusted affiliates to conduct research and gather intelligence about cyber threats (such as website defacement) targeting government or government-affiliated systems. Notices are sent to impacted MS-ISAC members based on predetermined escalation procedures. The MS-ISAC also provides recommended remediation steps and technical assistance.

Vulnerability Assessment

For state, local, tribal, and territorial (SLTT) entities experiencing a targeted cyber threat (see "Threat Notification" above), the MS-ISAC provides a free network and web application vulnerability assessment. These assessments include a manual analysis and verification of vulnerabilities discovered, prioritized remediation steps, customized reporting, and remediation support.

Incident Response

Experiencing a cybersecurity incident? Even if your SLTT organization is not yet part of the MS-ISAC, you can reach out to us for help. Learn more about our incident response services.

Malicious Code Analysis Platform (MCAP)

MCAP is a web-based service that allows members to submit suspicious files, including executables, DLLs, documents, quarantine files, and archives, for analysis in a controlled and non-public fashion. MCAP also enables users to perform threat analysis based on domain, IP address, URL, hash, and various IOCs.

MCAP users can obtain analysis results, behavioral characteristics, and additional detailed information that allow them to remediate the incident in a timely manner. This communication with our members provides the MS-ISAC with the situational awareness needed to assess the malware threat characteristics facing our SLTT government entities on a national level.

Vulnerability Management Program (VMP)

VMP notifies members on a monthly basis about any outdated software that could pose a threat to assets. A scripted GET request is sent to over 30,000 SLTT domains that the MS-ISAC maintains, to pull data on versioning information related to each domain.

In order to alert members of outdated software, the MS-ISAC collects server type and version (IIS, Apache, Nginx, etc.), web programming language and version (PHP, ASP, etc.), and content management system and version (WordPress, Joomla, Drupal, etc.).

Following the analysis and review of the information returned, data will be broken out into two categories: vulnerable and not vulnerable systems. If the system is located in the ‘vulnerable’ file, an associated portion of that system is not up to date. Conversely, if the system is located in the ‘not vulnerable’ file, the system’s patch level is up to date. Systems identified as vulnerable include the CVE score and a link to the CVE.

Members should use this monthly notification to conduct further internal analysis to ensure that Internet-facing systems are patched and running the most up-to-date software.

For questions regarding the domains that the MS-ISAC has on file for your organization, please contact the MS-ISAC. Domain listings can be edited at any point in time during your membership.

Malicious Domain Blocking and Reporting (MDBR)

The Malicious Domain Blocking and Reporting (MDBR) service is offered to MS-ISAC members in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and Akamai. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy. MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain.

Learn more about MDBR.

Information Sharing, Cybersecurity Awareness, and Education

Through the Homeland Security Information Network (HSIN), MS-ISAC members can access a library of cybersecurity resources. This portal also provides contact information and allows for secure email and document sharing.

Access the HSIN portal.

Everything we do at CIS centers around collaboration with other cybersecurity experts. In the MS-ISAC, workgroups comprised of dedicated MS-ISAC partners get together to share their ideas and experiences. Learn more about MS-ISAC Workgroups.

By working with MS-ISAC members and other cybersecurity partners around the country, MS-ISAC also provides:

DHS Initiatives

On behalf of our MS-ISAC members, CIS coordinates a variety of DHS programs and initiatives:

CIS SecureSuite Membership

CIS SecureSuite Membership gives organizations around the world access to a collection of integrated cybersecurity resources such as CIS-CAT Pro Assessor, remediation content, and CIS-CAT Pro Dashboard. All of these tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. CIS SecureSuite Membership is free for U.S. SLTT government organizations.

Enroll in CIS SecureSuite Membership.

Network Security Monitoring (Albert)

One of our most popular services is the network monitoring solution known as Albert. Albert consists of an IDS sensor that gathers network data and sends it to the MS-ISAC for analysis.

Learn more about Albert.


MS-ISAC members are welcome to purchase a variety of consulting services, including:

  • Social engineering (phishing exercises)
  • Network penetration testing
  • Web application penetration testing

Each of these consulting services can be customized by the purchasing organization. Services provided are based on a statement of work.

Learn about Services

Vulnerability Assessment

With both network and web application components, MS-ISAC members can purchase assessment services to identify critical system vulnerabilities. These assessments include a manual analysis and verification of vulnerabilities discovered, prioritized remediation steps, customized reporting, and remediation support. Vulnerability assessments can be scheduled on a monthly, quarterly, or yearly basis. Payment Card Industry (PCI) compliance scanning is also available.

Learn about Vulnerability Assessment

Managed Security Services (MSS)

Managed Security Services (MSS) provide 24/7 monitoring, event analysis, and notifications for multiple security devices, including:

  • Firewalls
  • IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
  • Web proxies
  • Endpoints
  • Switches/Routers
  • Services

Learn about MSS

Deloitte’s Cyber Detect & Respond Portal

Deloitte’s Cyber Detect & Respond Portal (“Portal”) is a secure, online platform for obtaining industry-leading Cyber Threat Intelligence (CTI) for enhancing knowledge, understanding, and the ability to identify potential cyber threats & attacks and reduce enterprise cyber risk. MS- and EI-ISAC members are eligible to be given access to this resource at no cost. For any inquiries on how to utilize the portal, please head to the Portal Reference Guide.

Ready to improve your security posture?

Register for MS-ISAC membership

Or contact us:


Download the MS-ISAC Services Guide