In 2020, the Cybersecurity and Infrastructure Security Agency (CISA) began piloting of a tool called Crossfeed, which was developed in collaboration with Defense Digital Service, to better understand the risks and status of the cyber infrastructure landscape across the nation and to communicate with entities if serious vulnerabilities were discovered.
As part of this pilot, Crossfeed mostly performed passive data collection using third-party application programming interfaces (APIs) and standard web scraping techniques used by search engines.
While the active pilot has concluded as of Oct. 1, 2021, CISA will continue to conduct limited, passive scanning to alert Federal agencies, SLTT entities, and critical infrastructure operators across the nation of any serious vulnerabilities. All traffic from Crossfeed to scanned assets is marked by a "Crossfeed" User-Agent header and is cryptographically signed so that entities can verify that the web traffic is coming from CISA. For instructions on verifying scans and other frequently asked questions, please refer to Crossfeed's documentation.