CISA Cyber Hygiene Services
Reducing the Risk of a Successful Cyber Attack
Adversaries use known vulnerabilities and phishing attacks to compromise the security of organizations. The Cybersecurity and Infrastructure Security Agency (CISA) offers several scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.
- Vulnerability Scanning: Evaluates external network presence by executing continuous scans of public, static IPs for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.
- Web Application Scanning: Evaluates known and discovered publicly-accessible websites for potential bugs and weak configuration to provide recommendations for mitigating web application security risks.
- Phishing Campaign Assessment: Provides an opportunity for determining the potential susceptibility of personnel to phishing attacks. This is a practical exercise intended to support and measure the effectiveness of security awareness training.
- Remote Penetration Test: Simulates the tactics and techniques of real-world adversaries to identify and validate exploitable pathways. This service is ideal for testing perimeter defenses, the security of externally-available applications, and the potential for exploitation of open source information.
Frequently Asked Questions
How much does it cost? CISA cybersecurity assessment services are available at no cost.
Who can receive services? Federal, state, local, tribal and territorial governments, as well as public and private sector critical infrastructure organizations.
When will my services begin? Vulnerability Scanning and Web Application Scanning typically begin within one week of returning the appropriate forms.
Who performs the service? Cyber Hygiene services are provided by CISA’s highly trained information security experts equipped with top of the line tools. Our mission is to measurably reduce cybersecurity risks to the Nation by providing services to government and critical infrastructure stakeholders.
Email us at firstname.lastname@example.org with the subject line “Requesting Cyber Hygiene Services” to get started.