MS-ISAC Services

The MS-ISAC operates within the SOC, which is a 24x7x365 joint security operations and analysis unit that monitors, analyzes, and responds to cyber incidents targeting SLTT entities. The SOC provides real-time network monitoring and notification, early cyber threat warnings and advisories, and vulnerability identification and mitigation.

You can contact the SOC directly by calling 866-787-4722 or emailing [email protected].

MDBR is a highly effective, no-cost solution available to MS-ISAC  members that proactively blocks network requests from known harmful web domains, helping protect IT systems against cybersecurity threats such as malware, phishing, and ransomware. Members receive weekly reports summarizing the potentially malicious requests that MDBR has detected. MDBR can be implemented in about 15 minutes and requires virtually no maintenance as CIS and Akamai fully maintain the systems required to provide this service. For additional information please visit MDBR FAQs and MDBR Terms & Conditions.

CIRT provides SLTT organizations with malware analysis, computer and network forensics, malicious code analysis/mitigation, and incident response. External vulnerability assessments are also available following a cyber incident. This service helps victims of cyber incidents to check if their remediation efforts have been effective.

Report an incident

Our cybersecurity experts disseminate short, timely emails containing technical information about software and hardware vulnerabilities.

Sign up for the newsletter and advisory notifications.

The CTI team collects, analyzes, and delivers actionable intelligence to operators and decision-makers responsible for defending SLTT government organizations. CTI maintains a curated, real-time, bi-directional indicator sharing platform that makes indicators available in the industry standard STIX/TAXII format and available for integration into local security operations. This platform is tailored specifically for SLTTs.

MS-ISAC leverages both internal and external sources to create the only intelligence feed tailored for SLTTs. Members can use carefully vetted and verified indicators, including malicious domains and file hashes, to automate defenses across their local network without additional equipment in most cases. They also have the option to choose from multiple collections of indicators derived from a range of resources.

Learn more about our real-time indicator feeds

The CIS Passive Threat Notification Service consists of four different services:   

• Targeted Vulnerability Notifications: Once a vulnerability is disclosed, scans are done on public facing infrastructure to determine exploit potential for that vulnerability. 
• Initial Access Broker Service: An automated scraping service that combs through forums for sales resembling initial access to SLTT networks.  
• Breached Credential Service: An automated scraping service that combs data breach websites for SLTT related content.  
• IP and Domain Monitoring: A parser scrapes for sinkholed malicious domains, defacements, and Pastebin sites for indications of SLTT information. 
• Enrollment in these services requires the organization's IPs and domains, email address syntax, and username syntax. True positives result in direct notifications. 

Already an MS-ISAC member? Enroll now.

This 32 question assessment addresses foundational cybersecurity questions to get you started with evaluating your organization’s current cyber posture. The assessment is aligned to both the NIST Cybersecurity Framework and the CIS Critical Security Controls and for those who have not taken other larger assessments before. The Foundational Assessment will help organizations transition to taking the Nationwide Cybersecurity Review (NCSR), also offered through the MS-ISAC. To sign-up, email [email protected] with your organization details.

The Senate Appropriations Committee has requested an ongoing effort to chart nationwide progress in cybersecurity and identify emerging areas of concern. In response, DHS has partnered with the MS-ISAC, NASCIO, and NACo to develop and conduct the NCSR. It's a no-cost, anonymous, annual self-assessment designed to evaluate your cybersecurity maturity.

Learn how to participate in the NCSR

The MS-ISAC Community

In the MS-ISAC, working groups comprised of dedicated MS-ISAC members share their ideas and experiences.

Learn more about MS-ISAC Working Groups

Other Benefits of Working with the MS-ISAC Community

• Cybersecurity table-top exercise templates
• Annual Best of the Web contest
• MS-ISAC Toolkit
• Annual National Cybersecurity Awareness Month Poster Contest Guide and Entry Form
• Regular webinars examining critical and timely cybersecurity issues

The Homeland Security Information Network (HSIN)

Through the Homeland Security Information Network (HSIN), MS-ISAC members can access a library of cybersecurity resources. This portal also provides contact information and allows for secure email and document sharing.

Access the HSIN portal

Access to Department of Homeland Security (DHS) Initiatives

Scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors

Cyber hygine Services

Cyber Resiliency Review, NCATS, Stop.Think.Connect, and more

us-cert

Over 900 hours of free cybersecurity training for any government employee or veteran.

FedVTE

Resources designed to help individuals and organizations prevent attacks that can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.

Stop Ransomware

Security clearances for state Chief Information Security Officers

Regional and national security exercises

Membership is available at no cost to U.S. SLTTs, and gives organizations access to a collection of integrated cybersecurity resources. The tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. Current MS-ISAC members can access CIS SecureSuite resources by visiting CIS WorkBench. Non-MS-ISAC members can enroll in CIS SecureSuite Membership.

Enroll in CIS SecureSuite Membership

Albert is a cost-effective Intrusion Detection System (IDS) available to SLTT entities, including election organizations, critical infrastructure, and public education. This service is committed to building and maintaining the most comprehensive set of detection rules and signatures in order to quickly and accurately identify threats that impact SLTT entities.

Learn more about Albert

View Albert Fact Sheet

Our 24x7x365 SOC provides SLTT entities with cost-effective log and security event monitoring of existing devices including, but not limited to, IDS/IPS, firewalls, switches and routers, servers, endpoints, and web proxies. Our SOC escalates actionable items to organizations as alerts and is always on hand to answer questions regarding alerts or notifications.

Learn more about MSS

CIS ESS offers device-level protection and response to strengthen an organization’s cybersecurity program. It provides active defense against both known (signature-based) and unknown (behavioral-based) malicious activity as well as effective defense against encrypted malicious traffic. Fully monitored and managed by our SOC, the service includes various measures to protect endpoint devices.

Learn more about ESS

CIS provides cost-effective vulnerability management solutions for networks and web applications, as well as penetration testing and phishing engagements. These services include network discovery and mapping, vulnerability assessment reporting, testing vulnerabilities for false-positives, identifying high-value assets, prioritizing vulnerabilities based on risk, and conducting custom phishing simulations.

The CIS CyberMarket helps SLTT entities improve their cybersecurity posture through expert guidance and cost-effective procurement. It builds public and private partnerships and works to enhance collaboration that improves the nation’s cybersecurity posture. The CIS CyberMarket makes cybersecurity purchasing effective, easy, and economical by providing discounts on training, software, and consulting services.

Learn more about CyberMarket

MDBR+ is a quick-to-configure and easy-to-deploy cloud-based secure DNS service available to U.S. State, Local, Tribal, and Territorial (SLTT) government organizations and private hospitals. MDBR+ proactively identifies and blocks malware, ransomware, and phishing attacks while providing you with real-time reports, custom configurations, and off-network device protection to reduce risk and increase your SLTT organization's or private hospital's cybersecurity defenses.

Learn more about MDBR+