Yes, as of September 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) officially ended its cooperative agreement with the Center for Internet Security (CIS), concluding a 21-year partnership that supported the Multi-State Information Sharing and Analysis Center (MS-ISAC).
🔍 What This Means
- Funding Cut: CISA will no longer provide the $27 million annual federal funding that supported MS-ISAC’s cybersecurity services for state, local, tribal, and territorial (SLTT) governments.
- New Model: CISA is shifting to a model that emphasizes direct support to SLTT partners through:
  - Grant funding via DHS and FEMA
  - No-cost tools like cyber hygiene scanning, phishing assessments, and vulnerability management
  - Cybersecurity performance goals and evaluation tools
- MS-ISAC Transition: CIS will continue operating MS-ISAC under a new fee-based membership model, aiming to maintain services such as threat intelligence, best practices, and incident response.
🧭 Context and Implications
This move follows earlier cuts to CIS-run programs like the Elections Infrastructure ISAC (EI-ISAC), and coincides with the expiration of the Cybersecurity Information Sharing Act and the State and Local Cybersecurity Grant Program (SLCGP). While CISA claims this transition will “maximize impact” and “empower SLTT partners,” critics worry it may reduce access to vital cybersecurity resources for underfunded local agencies.
CISA’s new support model for state, local, tribal, and territorial (SLTT) governments is designed to decentralize cybersecurity assistance and shift from centralized services (like those provided by CIS) to a more modular, grant-driven, and tool-based approach. Here’s how it breaks down:
🧩 CISA’s Post-CIS Support Model for SLTTs
1. Grant-Based Funding
- State and Local Cybersecurity Grant Program (SLCGP): SLTTs can apply for direct funding to build their own cybersecurity capabilities.
- FEMA-administered grants: These may support broader resilience and emergency preparedness, including cyber readiness.
2. Direct Technical Services
CISA offers a suite of no-cost services directly to SLTTs:
- Cyber Hygiene Scanning: External vulnerability scans to identify internet-facing risks.
- Phishing Campaign Assessments: Simulated phishing attacks to test user awareness and response.
- Vulnerability Management: Tools and guidance to help SLTTs patch and mitigate known vulnerabilities.
- Incident Response Support: CISA can assist during active cyber incidents, though this may be more limited than MS-ISAC’s 24/7 SOC.
3. Performance Goals and Maturity Models
- Cybersecurity Performance Goals (CPGs): A prioritized checklist of baseline security practices tailored for SLTTs.
- Cybersecurity Evaluation Tool (CSET): A self-assessment platform to help organizations gauge their cyber maturity and identify gaps.
4. Information Sharing and Threat Intelligence
- CISA will continue to share threat intelligence through its own channels, including:
  - Joint Cyber Defense Collaborative (JCDC)
  - Cybersecurity Advisories and Alerts
  - Regional field offices and Protective Security Advisors
🧠 Strategic Shift: From Centralized to Empowered
CISA’s rationale is to “empower SLTTs to own their cybersecurity posture” rather than relying on a single intermediary like CIS. However, this assumes SLTTs have the capacity to manage grants, deploy tools, and interpret threat intelligence—something smaller jurisdictions may struggle with.
🧭 CISA’s New SLTT Cybersecurity Support Model (Post-CIS)
- No More MS-ISAC Funding: CISA ended its $27M annual funding to the Center for Internet Security, which ran MS-ISAC. CIS will now offer MS-ISAC services via a paid membership model.
- Direct Federal Support:
  - Grants: SLTTs can apply for cybersecurity funding through DHS and FEMA.
  - Free Tools: CISA provides cyber hygiene scans, phishing assessments, and vulnerability management services at no cost.
- Self-Guided Resources:
  - Cybersecurity Performance Goals (CPGs): A prioritized checklist of best practices.
  - Cybersecurity Evaluation Tool (CSET): Helps SLTTs assess and improve their cyber maturity.
- Threat Intelligence:
  - Shared via CISA’s own channels (e.g., JCDC, alerts, regional advisors), rather than through MS-ISAC.
This marks a shift from centralized, federally funded services to a decentralized, grant-driven model that expects SLTTs to take more ownership of their cybersecurity posture.




