EI-ISAC® Membership FAQ


Membership

Who can join the EI-ISAC?

Membership is open to all U.S. SLTT election-focused government entities.

Are there any requirements to join?

The only requirement is to accept the Terms and Conditions of membership when completing our online registration form, which sets forth the responsibilities of members to protect information that is shared.

Can other members of my organization join?

Yes. Each organization designates a “Primary Member” who is then responsible for authorizing additional individuals in their organization to become members.

How do I join?

Complete our registration form or contact the CIS EI-ISAC at [email protected].

Benefits

What are the benefits of EI-ISAC membership?

Membership benefits include direct access to cybersecurity advisories and alerts, vulnerability assessments and incident response for entities experiencing a cyber threat, secure information sharing through the Homeland Security Information Network (HSIN) portal, tabletop exercises, a weekly malicious domains/IP report, multiple CISA initiatives, CIS SecureSuite® Membership, and more.

Can the EI-ISAC help me with a cyber incident?

Yes. The Computer Emergency Response Team (CERT) is comprised of highly trained staff who can provide malware analysis, reverse engineering, log analysis, forensics analysis and security assessments. Incident response services and cyber threat intelligence are available to all SLTT entities – EI-ISAC membership is not required. If you are an SLTT elections-focused entity and experience a cybersecurity incident or want to report an incident, contact us for assistance: [email protected] or 1-866-787-4722.

What other no-cost cybersecurity services are available to EI-ISAC members?

Participation in the EI-ISAC’s no-cost cybersecurity services are completely voluntary and intended to provide highly-effective solutions for various forms of cyber defense. Members can sign on to receive both web security and device-level security at no cost through the EI-ISAC. Malicious Domain Blocking & Reporting is a cloud-based web security solution that uses recursive DNS technology to prevent IT systems from connecting to harmful web domains, helping organizations limit infections related to known malware, ransomware, phishing, and other cyber threats. Endpoint Detection and Response (EDR) is security software deployed directly on workstations and servers that collects technical data and analyzes it for known or suspicious cyber threat patterns and stops the activity in its tracks.

Cost

What does it cost to join the EI-ISAC?

There is no cost to join the EI-ISAC. It is primarily supported by CISA to serve as the central cybersecurity resource for the nation’s SLTT election-focused government entities.

Funding & Governance

How is the EI-ISAC funded?

The EI-ISAC is federally funded by the Cybersecurity and Infrastructure Security Agency (CISA) through a cooperative agreement with the Department of Homeland Security (DHS).

How is the EI-ISAC governed?

The EI-ISAC is autonomously guided by the Executive Committee, consisting of EI-ISAC member-representatives who are elected by the EI-ISAC members to assist in providing strategic guidance and recommendations for the EI-ISAC. The Executive Committee votes on matters brought to its attention by the various working groups or the EI-ISAC members-at-large.

Two executive committee members serve as the Chair and the Vice Chair of the EI-ISAC to help guide the actions of the committee. All committee members represent different organizations from among state governments, local governments, tribal nations, territories, or the District of Columbia.

Data Security and Information Sharing

What data from members do CIS and the EI-ISAC have access to?

Members can voluntarily report cyber incidents to the 24x7x365 CIS Security Operations Center (SOC) for threat awareness and incident response assistance. We also receive data identified by services offered through the EI-ISAC, such as Albert Network Monitoring and Management, Malicious Domain Blocking and Reporting (MDBR), Endpoint Detection & Response (EDR), which are all voluntary service offerings for members. The following information outlines how various services deal with member data: 

Albert Network Monitoring and Management:  Albert passively monitors network traffic data (including logging “NetFlow” or metadata about network traffic). Albert sensors can only see traffic to and from devices on the network where the SLTT partner has chosen to deploy them and cannot inspect the contents of any encrypted traffic. Learn more about Albert here. 

Malicious Domain Blocking and Reporting (MDBR):  MDBR functions by analyzing outbound DNS requests from an organization to determine if any requests are associated with malicious web domains. All DNS requests sent to the MDBR service for analysis are viewable by CIS and retained for a period of 30 days. CIS does not have any visibility into the web traffic associated with a member visiting any web domains.  

Endpoint Detection and Response (EDR):  Most of the information collected through the EDR service is metadata related to the system the EDR software agent is installed on. Metadata may include user login times and attempts, registry keys, types and versions of operating systems, browsers, and information about software applications. The EDR service does not have access to the contents of documents, email messages or IM/chat communication.