Educause Security Discussion mailing list archives

Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services


From: "La Grew, Jesse S" <jslagrew () MADISONCOLLEGE EDU>
Date: Fri, 3 Sep 2021 14:00:48 +0000

Vince,


We signed up for this offering a year or two ago and it has been very
useful. We even split up some of our reports for other business units so
that they can get their own individual report for their own subnet(s). These
reports get delivered by CISA. We receive a full report for all networks and
the business unit can get a report for their defined network segment. 

 

I would be happy to share some of the information over a call some time.

 

Jesse 

 

--

Jesse La Grew, CISSP

Security Architect

Technology Services

Madison College

608.246.6148

 

From: The EDUCAUSE Security Community Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Powell, Andy
Sent: Friday, September 3, 2021 8:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cybersecurity and Infrastructure Security
Agency(CISA) Cyber Hygiene scan services

 

Hi Vince,

 

  We signed up for CISA's CyHy services in July and have only received the
results of their web app scanning to date (still waiting on general vuln
scan results), and your post is a timely reminder for me to ping them again.

 

  Speaking only of Web App scanning, I found their scan to be helpful and
informative. They use Qualys, so their report format was familiar to me. It
surfaced several concerns, some we were previously aware of and some others
that we weren't. In my opinion, that's working as intended and we're happy
with the service.

 

  I can only speculate on the cause for delay on the vuln scanning side,
which I chalk up to a supply/demand crunch...we operate a /16 space, which
is probably a pretty unusual slice for CISA, who typically scans "critical
infrastructure" organizations that would work hard to reduce their internet
exposure to something less than 65,000 addresses. I'm guessing we've been
prioritized downward, and wouldn't necessarily take issue with that.




Andrew F. Powell Jr., CISSP, CCSP

Information Security Director

Williams College

22 Lab Campus Drive, Williamstown, MA, 01267

O - (413) 597 - 4340

C - (978) 502 - 0086

(he/him/his)

 

 

On Fri, Sep 3, 2021 at 9:43 AM Vince Bonura <vbonura () fordham edu> wrote:

Good morning, All!

 

I am writing to inquire whether anyone is taking advantage of the
Cybersecurity and Infrastructure Security Agency (CISA) Cyber Hygiene scan
services?

 

We became aware of it recently and are considering signing up. Since it's a
free service, and another way to test the vulnerabilities of your publicly
accessible networks, it seems like a no-brainer.

 

But we are curious who is/has used it and what you thought of their
findings.

 

Thanks in advance!

 

Vince Bonura

IT Risk Analyst

 

Fordham University

(718) 817-1875

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community
list. If you want to reply only to the person who sent the message, copy and
paste their email address and forward the email reply. Additional
participation and subscription information can be found at
https://www.educause.edu/community

