Automated Indicator Sharing (AIS) TAXII 1.1 Capability Documents for More Information

The Terms of Use (TOU) give the basic rules and responsibilities for connecting to the TAXII Server as well as some basic terminology that is used in the program.

CISA’s' free Automated Indicator Sharing (AIS) program enables organizations to share and receive machine-readable cyber threat indicators (CTIs) and defensive measures (DMs) in real time to monitor and defend their networks against relevant known threats.

The FAQ provides a list of frequently asked questions and answers from stakeholders to assist new participants in understanding how Automated Indicator Sharing (AIS) is implemented.  

Privacy Impact Assessment for the Automated Indicator Sharing (AIS) Program.

Multilateral Information Sharing Agreement (MISA), herein referred to as the “Agreement,” is to enhance cybersecurity information sharing among federal agencies in order to better protect the United States from malicious cyber actors.

The Interconnect Agreement describes general responsibilities on both sides of the sharing relationship to ensure the Trusted Automated Exchange of Intelligence Information (TAXII) connectivity is properly secured.

The Submission Guidance provides details for crafting cyber threat indicators in Structured Threat Information Expression (STIX) format, along with explanation of how to use Traffic Light Protocol (TLP).

In Appendix A, all the STIX indicator fields from the AIS profile are included with information and examples for each.

Provides key details on the brokering functions provided by DHS and guidance for federal entities to mark information with ACS markings they intend to share with the non-federal and federal entities via AIS.

This document is intended for federal sharing community readers who have some familiarity with AIS, STIX, and xml and wish to create and mark STIX documents in xml for sharing with AIS.

This Access Control Specification (ACS) document, the result of that collaboration, specifies the data elements required to implement automated access control systems based on the relevant policies governing sharing between participants.

FAQs and guidance to help support customers in successfully connecting to the TAXII server.

Cybersecurity Information Sharing Act of 2015 Original Act from the Government Printing Office.

Guidance to assist Non-Federal entities in sharing Cyber Threat Indicators and Defensive Measures

Guidance to assist Federal entities to share Cyber Threat Indicators and Defensive Measures.

Establishes privacy and civil liberties guidelines governing the receipt, retention, use, and dissemination of cyber threat indicators by a federal entity.

Consistent with section 105(a)(2) and (3) of the Cybersecurity Information Sharing Act of 2015 (CISA), this document establishes procedures relating to the receipt of cyber threat indicators and defensive measures by all federal entities under CISA.