CISA is conducting a limited pilot of Crossfeed to better understand the risks and status of the cyber infrastructure landscape across the nation and communicate with entities if serious vulnerabilities are discovered.
Crossfeed is an asset discovery tool used to monitor and gather information about vulnerabilities on public-facing assets supporting national critical functions. Crossfeed collects data from a variety of open-source tools, publicly-available resources, and data feeds.
As part of this limited pilot, Crossfeed only performs passive data collection — using third-party application programming interfaces (APIs) and standard web scraping techniques used by search engines — and limits its scope to public-facing assets.
Scanned entities may notice limited web scraping traffic from Crossfeed on their public-facing assets. All traffic from Crossfeed to scanned assets is marked by a “Crossfeed” User-Agent header and is cryptographically signed so that entities can verify that the web traffic is coming from CISA. For instructions on verifying scans and other frequently asked questions, please refer to Crossfeed’s documentation.
Crossfeed is developed as an open-source tool, and its code is available on our CISAgov GitHub.
(CISA is also concurrently conducting a separate “active” pilot of Crossfeed, which involves Crossfeed directly querying participating organizations’ internet-facing network assets to confirm the presence of any vulnerabilities on those systems. A limited number of entities have accepted invitations to participate in this “active” pilot and provided authorization for their systems to be scanned as part of the “active” pilot.)
If you have any questions about the Crossfeed pilot or would like to opt out of this scanning, please contact firstname.lastname@example.org.