Infrastructure Security

Subpoena Process

Subpoenas are legal orders that compel the recipient to take certain actions. Administrative subpoenas are issued by federal agencies, rather than by judges or grand juries. CISA is authorized by law to issue administrative subpoenas for the narrow purpose of identifying and notifying the owners and operators of internet-connected systems with specific security vulnerabilities.

State, Local, Tribal & Territorial Indicators of Compromise Automation Pilot Fact Sheet

In 2019, CISA awarded a cooperative agreement to the Johns Hopkins University Applied Physics Laboratory (JHU/APL) to conduct a pilot project with State, Local, Tribal, and Territorial (SLTT) governments to enhance their cybersecurity defenses and rapidly respond to Indicators of Compromise (IOCs) through the development of Security Orchestration, Automation and Response (SOAR) workflows and guides. JHU/APL successfully conducted the pilot project with Arizona, Louisiana, Massachusetts, Texas, Maricopa County, and the Multi-State Information Sharing and Analysis Center.

Information-Centric Automation and Orchestration White Paper

Many products designed to perform advanced analytics or automate analysis of cyber threat information separate the data normalization and information standardization functions from the automated workflows and analytics engines. This way, they operate on information in a specific, defined, and understood context, allowing them to add, modify, and delete sources and analytics without impacting existing core functionality. In essence, they have deployed an Information-Focused Automation Framework for the organization.

Orchestration of Information Technology Automation Frameworks White Paper

The Security Orchestration, Automation, and Response (SOAR) market has matured considerably over the last few years, but many organizations still have a hard time differentiating between SOAR and information technology (IT) automation frameworks. Those with investments in IT automation often question the need for extending SOAR deployments outside of the Security Operations Center (SOC), while others wonder how to effectively combine the two technologies to mitigate cyber risks.

Applying Low Regret Methodology for Response to Indicators White Paper

Analysis of and response to cyber Indicators of Compromise (IOCs) is so resource-consuming that many cybersecurity teams do not even attempt to use them in operations. This paper showcases how to apply a “low-regret” methodology for rapid evaluation of and response to these IOCs via Security Orchestration, Automation, and Response tools. Using this methodology, organizations have been able to add IOC mitigation into security operations in a value-added and sustainable manner.