Automated Indicator Sharing (AIS) Documentation

Automated Indicator Sharing (AIS), a Cybersecurity and Infrastructure Security Agency (CISA) capability, enables the real-time exchange of machine-readable cyber threat indicators and defensive measures to help protect participants of the AIS community and ultimately reduce the prevalence of cyberattacks.  The AIS community includes private sector entities; federal departments and agencies; state, local, tribal, and territorial (SLTT) governments; information sharing and analysis centers (ISACs) and information sharing and analysis organizations (ISAOs); and foreign partners and companies. AIS is offered at no cost to participants as part of CISA’s mission to work with our public and private sector partners to identify and help mitigate cyber threats through information sharing and provide technical assistance, upon request, that helps prevent, detect, and respond to incidents.

The AIS ecosystem empowers participants to share cyber threat indicators and defensive measures, such as information about attempted adversary compromises as they are being observed, to help protect other participants of the AIS community and ultimately limit the adversary’s use of an attack method. The more you share, the more everyone becomes informed, and the more we all prevent further damage from vicious cyber-attacks together!

CISA is committed to providing access to our web pages and documents for individuals with disabilities, both members of the public and federal employees. If the format of any elements or content within this document interferes with your ability to access the information, as defined in the Rehabilitation Act, please email To enable us to respond in a manner most helpful to you, please indicate the nature of your accessibility problem and the preferred format in which to receive the material.

Return to the Automated Indicator Sharing page.

Below are some key AIS documents:

Taxonomy Topics