Cyber Hygiene Services

Reduce the Risk of a Successful Cyber Attack

Cyber threats are not just possibilities but harsh realities, making proactive and comprehensive cybersecurity imperative for all critical infrastructure. Adversaries use known vulnerabilities and weaknesses to compromise the security of critical infrastructure and other organizations. CISA offers free cybersecurity services to help organizations reduce their exposure to threats by taking a proactive approach to monitoring and mitigating attack vectors.

By taking advantage of CISA’s Cyber Hygiene services you can:

• Significantly Reduce Risk.
  
  • Organizations typically reduce their risk and exposure by 40% within the first 12 months. Most see improvements in the first 90 days.
• Avoid Surprises.
  
  • Because the services look for assets exposed to the internet, they identify vulnerabilities that could otherwise go unmanaged.
• Sharpen Your Response.
  
  • By combining the vulnerability insights gained with existing threat detection and risk management efforts, enrolled organizations can increase the accuracy and effectiveness of response activities. This means fewer false alarms and less chance of real dangers slipping through the net.
• Broaden Your Security Horizon.
  
  • CISA’s scanning is about more than pinpointing vulnerabilities; it’s about expanding your organization’s security boundaries. From basic asset awareness to daily alerts on urgent findings, you’ll be in a better place to make risk-informed decisions.

Email us to enroll today

 CISA's Cyber Hygiene services include:    

• Vulnerability Scanning: This service continuously monitors and assesses internet-accessible network assets (public, static IPv4 addresses) to evaluate their host and vulnerability status. In addition to weekly reports of all findings, you’ll receive ad-hoc alerts about urgent findings, like potentially risky services and known exploited vulnerabilities.
• Web Application Scanning: This service deep-dives into publicly accessible web applications to uncover vulnerabilities and misconfigurations that attackers could exploit. This comprehensive evaluation includes, but is not limited to, the vulnerabilities listed in the OWASP Top Ten, which represent the most critical web application security risks. This service provides detailed reports monthly, as well as on-demand reports to help keep your web applications secure.  

Additionally, CISA recommends you further protect your organization by identifying assets that are searchable via online tools and taking steps to reduce that exposure.

Frequently Asked Questions

How much does it cost?

CISA Cyber Hygiene services are available at no cost.

Who can receive services?

U.S.-based federal, state, local, tribal and territorial governments, as well as public and private sector critical infrastructure organizations are welcome to enroll by following the instructions in the “Get Started” section below.

International organizations should reach out to cisainternationalaffairs@hq.dhs.gov to discuss what assistance they may be eligible for.

In the meantime, please feel free to look through the publications and resources available on our website such as the Cybersecurity Performance Goal (CPG) Checklist, the Cyber Security Evaluation Tool (CSET), and Free Non-CISA Cybersecurity Services.

When will my services begin?

Cyber Hygiene services typically begin within three business days after completing sign up, and reports can be expected within two weeks of the scanning start date. 

Who performs the service?

Cyber Hygiene services are provided by CISA’s highly trained information security experts equipped with top-of-the-line tools. Our mission is to measurably reduce cybersecurity risks to the nation by providing services to government and critical infrastructure stakeholders.