Enhanced Cybersecurity Services (ECS)

The Cybersecurity and Infrastructure Security Agency's (CISA) Enhanced Cybersecurity Services (ECS) program is an intrusion detection, prevention, and analysis capability that is available to all U.S. -based entities. CISA partners with accredited service providers who build and maintain classified systems capable of protecting ECS customer networks against malicious activity. ECS follows a managed security service model whereby CISA shares sensitive and classified U.S. Government cyber threat information with ECS service providers. These service providers use that information to detect and/or block malicious traffic from entering customer networks. ECS is meant to augment, not replace, an ECS customer's existing cybersecurity capabilities.  

Benefits of ECS

  • ECS is an efficient and timely solution to protect an organization using U.S. Government information. 
    • CISA shares indicators of compromise through ECS where the systems detect and/or block potential malicious activity on an organization's network. 
  • ECS is the only cybersecurity capability on the commercial market that uses sensitive and classified cyber threat information to protect networks. 
    • ECS enables organizations to operationalize sensitive and classified Government information for network defense. 
  • ECS is a cost-effective solution to enhance an organization's network protections. 
    • With ECS, your organization will benefit from the protections associated with sensitive and classified CISA- sourced intelligence.
  • ECS costs are potentially reduced or free for State or Local organizations. 
    • State and Local organizations may be eligible to apply for FEMA Homeland Security Grant Program funds (through their respective state grant administrative agencies), in order to pay for ECS.

Service Offerings

The ECS program currently offers three services:

  • Domain Name Service (DNS) Sinkholing
    •  DNS Sinkholing enables ECS service providers to block access to specified malicious domain names. 
  • Email (SMTP) Filtering
    • Email filtering enables ECS service providers to block emails with specified malicious criteria. 
  • Netflow Analysis
    • Netflow Analysis uses passive detection to provide customers with malicious activity alerts on their network.  

CISA continues to consider additional service offerings that can use U.S. Government-vetted cyber threat information to enhance the protection of U.S.-based organizations. 


The ECS program embeds privacy protections into all of its operations. CISA does not monitor any private networks or collect any communications, directly or by proxy. CISA uses the Fair Information Practice Principles (FIPPs) to assess and mitigate impacts on an individual’s privacy. CISA has conducted and published a Privacy Impact Assessment (PIA) for the ECS program. To read more about the FIPPs, the ECS PIA, and related cyber programs, visit DHS's Cybersecurity and Privacy page.

Eligibility & Enrollment

All U.S.-based entities are eligible to enroll in ECS. Program participation is voluntary and designed to protect government intelligence, corporate information security, and the privacy of participants. U.S.-based entities interested in participating or learning more about service-level options and agreements should contact an ECS service provider directly. One provider is accredited to offer ECS:

Contact Information

For general program information, contact ECS_Program@cisa.dhs.gov. For specific information about enrollment, pricing, or service options, please contact the ECS service provider listed above.

Was this webpage helpful?  Yes  |  Somewhat  |  No