CISA Introduces New Cybersecurity Resource Center

The Cybersecurity and Infrastructure Security Agency (CISA) introduced their “Free Cybersecurity Services and Tools” resource center earlier this week.

The resource center was developed to provide a trusted central repository of cybersecurity resources to help organizations reduce cyber risk and advance their security capabilities. Resources include tools and services from CISA, the open-source community and public and private sector organizations in the cyber community.

The resource center is accessible at www.cisa.gov/free-cybersecurity-services-and-tools. Tools were selected based on the four goals outlined in the recent CISA Insights, "Implement Cybersecurity Measures Now to Protect Against Critical Threats":

  1. Reducing the likelihood of a damaging cyber incident
  2. Detecting malicious activity quickly
  3. Responding effectively to confirmed incidents
  4. Maximizing resilience

“Many organizations, both public and private, are target rich and resource poor,” said CISA Director Jen Easterly. “The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment. This initial catalog will grow and mature as we include additional free tools from other partners.” 

The catalog is expected to grow through more joint partnerships and CISA-driven initiatives. Prior to exploring the free services and tools, CISA recommends taking the following actions to set a strong foundation for a cybersecurity program.

Fix the Known Security Flaws in Software

Check the CISA Known Exploited Vulnerabilities (KEV) Catalog for software used by your organization and, if listed, update the software to the latest version according to the vendor’s instructions. Note: CISA continually updates the KEV catalog with known exploited vulnerabilities.

Implement Multifactor Authentication (MFA)

Use multifactor authentication where possible. MFA is a layered approach to securing your online accounts and the data they contain. When you enable MFA in your online services (like email), you must provide a combination of two or more authenticators to verify your identity before the service grants you access.

Halt Bad Practices

Take immediate steps to: (1) replace end-of-life software products that no longer receive software updates; (2) replace any system or products that rely on known/default/unchangeable passwords; and (3) adopt MFA (see above) for remote or administrative access to important systems, resources, or databases.

Sign Up for CISA’s Cyber Hygiene Vulnerability Scanning

Register for this service by emailing [email protected]. Once initiated, this service is mostly automated and requires little direct interaction. CISA performs the vulnerability scans and delivers a weekly report. After CISA receives the required paperwork, scanning will start within 72 hours and organizations will begin receiving reports within two weeks. Note: vulnerability scanning helps secure internet-facing systems from weak configurations and known vulnerabilities and encourages the adoption of best practices.

Get Your Stuff Off Search (S.O.S.)

While zero-day attacks draw the most attention, less complex exposures to both cyber and physical security are frequently missed. Get your Stuff Off Search (S.O.S.) and reduce internet attack surfaces that are visible to anyone on web-based search platforms.

In addition to these five recommendations, the Schneider Downs cybersecurity team encourages routine preventative assessment exercises to identify risks and assess overall cybersecurity posture.

Through the foundational steps and resource center*, CISA hopes organizations will have another way to reduce the likelihood of cyber incidents, understand the steps to detect potential intrusion, be confidently prepared for an incident and strengthen their overall resilience to cyber threats.

* CISA applies neutral principles and criteria to add items and maintains sole and unreviewable discretion over the determination of items included. CISA does not attest to the suitability or effectiveness of these services and tools for any particular use case. CISA does not endorse any commercial product or service. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.
