Educause Security Discussion mailing list archives

Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services


From: "Hillhouse, Bob (Bob)" <bob () UTK EDU>
Date: Fri, 3 Sep 2021 14:08:19 +0000

@Lorna – I can see a concern over perception but they are only looking at public facing structure anyway. There are 
already Government agencies monitoring public network traffic. Are they concerned because the agency is collecting the 
information and reporting on it? Or, have they given you any context for the concern?

--
Bob Hillhouse, CISSP
Associate CIO & CISO
Phone: (865) 974-8445
The University of Tennessee, Knoxville
bob () utk edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Koppel, Lorna 
<Lorna.Koppel () TUFTS EDU>
Date: Friday, September 3, 2021 at 10:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services
Hi Everyone,

I too am interested in trying their services.  I ran into concerns from legal and others about the perception of having 
a government agency looking at our network especially with people being nervous about immigration.  Anyone else dealt 
with that?

Thanks,
Lorna

Lorna L. Koppel
Director of Information Security
Office of Information Security (OIS)
Tufts University
169 Holland Street
Somerville, MA 02144
Phone: 617.627.0885
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Valerie Smith
Sent: Friday, September 3, 2021 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services

Hi Vince,

We've used it for almost a year now and we really like it. It's essentially just Nessus but they send a weekly PDF 
report with good info, charts, and graphs (the original Nessus data is embedded as an attachment in the appendix too). 
I've used their graphs in reports to management. And being able to say "DHS says this is a critical vulnerability" has 
helped get people to act a little quicker with remediations than they may have otherwise. ;)

Also they send an annual report of aggregated, anonymized vuln data from across higher ed so that you can see how your 
institution compares against the average.

Let me know if you have other questions or there's anything else I can help with regarding this topic.

Thanks,
Val

Valerie Smith, CISSP (she/her)
Sr. Information Security Analyst
SUNY Geneseo
vsmith () geneseo edu


On Fri, Sep 3, 2021 at 9:43 AM Vince Bonura <vbonura () fordham edu> wrote:
Good morning, All!

I am writing to inquire whether anyone is taking advantage of the Cybersecurity and Infrastructure Security 
Agency (CISA) Cyber Hygiene scan services?

We became aware of it recently and are considering signing up. Since it’s a free service, and another way to test the 
vulnerabilities of your publicly accessible networks, it seems like a no-brainer.

But we are curious who is/has used it and what you thought of their findings.

Thanks in advance!

Vince Bonura
IT Risk Analyst

Fordham University
(718) 817-1875

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community
