Services

No-cost services for home users, organizations, and technical staff to guard against the growing ransomware threat.

Services for All Organizations

Cyber Hygiene Services

Free CISA scanning and testing services to help organizations assess, identify, and reduce their exposure to threats, including ransomware. Email us at vulnerability_info@cisa.dhs.gov to get started.

This suite of services includes:

  • Vulnerability Scanning: Identifies externally-accessible assets and services that are vulnerable to common attacks.
  • Web Application Scanning: Identifies website weaknesses and poor configurations that attackers may exploit.
  • Remote Penetration Test: Tests perimeter defenses by mimicking the techniques adversaries use to gain unauthorized access to networks

Cyber Security Evaluation Tool (CSET®)

The Cyber Security Evaluation Tool (CSET®) is a stand-alone desktop application that guides asset owners and operators through a systematic process of evaluating Operational Technology and Information Technology. On June 30, CSET was updated to include a new module: Ransomware Readiness Assessment (RRA). The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend against  and recover from a ransomware incident.

CISA Tabletop Exercise Packages (CTEPs)

CISA Tabletop Exercise Packages (CTEPs) are a comprehensive set of resources designed to assist stakeholders in conducting their own exercises. Partners can use CTEPs to initiate discussions within their organizations about their ability to address a variety of threat scenarios.

 

Services for SLTT Organizations

Malicious Domain Blocking and Reporting (MDBR)

The MDBR service is available for U.S. state, local, tribal, and territorial (SLTT) government members of the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) in partnership with CISA and Akamai.

Nationwide Cybersecurity Review (NCSR)

The NCSR is a free, anonymous, annual self-assessment designed to measure gaps and capabilities of state, local, tribal and territorial governments’ cybersecurity programs. It is based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and is sponsored by DHS and the Multi-State Information Sharing and Analysis Center® (MS-ISAC®).