Overview
The Cybersecurity Assistance Services Program is a no-cost service designed to strengthen the cyber resilience of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations. This program is available to all MS-ISAC and EI-ISAC members, with priority given to members managing critical infrastructure in high-priority sectors, including: Elections, Healthcare, K-12, and Water and Wastewater. This program provides no-cost, essential, and specialized cyber expertise to help members strategically invest and allocate limited resources, increase cyber maturity and decrease cyber risks, and make decisions and take actions to enhance their cyber posture.
No-cost cyber expertise
Hiring a full-time security executive or advisory firm is expensive. The fewer resources you have, the more important it is for you to have a strategy. These services provide no-cost cyber expertise that members need to strategically invest and allocate their limited resources.
Essential cyber expertise
Cyber threats are continuously evolving and becoming more sophisticated. The more resilient your organization is, the less impact cyber attacks will have. These services provide essential cyber expertise that members need to make decisions and take actions.
Specialized cyber expertise
Cybersecurity is broad and complex, encompassing many technologies, systems, and processes. The more complicated your cyber project or problem is, the more important it is to leverage experience and expertise specific to that topic. These services provide specialized cyber expertise that members need to make decisions and take actions.
Services
Community Advisory Service
- The Community Advisory Service is a one-hour meeting between a cybersecurity advisor and a group of MS-ISAC or EI-ISAC members from the same sector to discuss a cybersecurity topic important to those members. This service helps members gain an understanding of a cybersecurity topic and identify best practices by learning from their peers.
Member Advisory Service
- The Member Advisory Service is a one-hour meeting between a cybersecurity advisor and a MS-ISAC or EI-ISAC member to discuss cybersecurity topics important to their organization. This service provides members with answers to their questions so they can take appropriate action and make informed decisions to enhance their cybersecurity posture.
Security Assessment Service
- The Security Assessment Service is a series of meetings, up to eight hours in total, between an advisor and an MS-ISAC or EI-ISAC member to complete a security self-assessment, such as the Nationwide Cybersecurity Review (NCSR). This service provides expertise to help members accurately complete a security self-assessment and confidently identify the areas with the most need for improvement.
Gap Analysis Service
- The Gap Analysis Service is a series of meetings, up to six hours in total, between an advisor and an MS-ISAC or EI-ISAC member to complete a Gap Analysis based on a previously completed security assessment. This service provides expertise to help members develop security initiatives to bridge the gaps between their current state and their desired state to enhance their cyber posture.
Decision Matrix Analysis Service
- The Decision Matrix Analysis Service is a series of meetings, up to four hours in total, between an advisor and an MS-ISAC or EI-ISAC member to complete a Decision Matrix Analysis based on previously identified security initiatives. This service provides expertise to help members prioritize security initiatives based on weighted criteria so they can identify the security initiatives that will reduce the most risks.
Action Planning Service
- The Action Planning Service is a series of meetings, up to four hours in total, between an advisor and an MS-ISAC or EI-ISAC member to develop an Action Plan to implement previously identified security initiatives. This service provides expertise to help members develop a plan to identify and track the tasks, owners, resources, and status of actions required to complete security initiatives.
Policy Development Assistance Service
- The Policy Development Assistance Service is a series of meetings, up to 10 hours in total, between an advisor and an MS-ISAC or EI-ISAC member to develop a cybersecurity policy document. This service provides expertise to help members develop a cybersecurity-related policy for a cybersecurity control.
Control Implementation Head Start Service
- The Control Implementation Head Start Service is a series of meetings, up to 10 hours in total, between an advisor and an MS-ISAC or EI-ISAC member to select, understand, and implement 1-2 cybersecurity controls. This service provides expertise to help members learn how to implement cybersecurity controls in their environment.
To request a service or learn more about a service, please visit the Request Page.