Re: [External] Re: [SECURITY] Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services

[David Allen <allendp () PLU EDU>]

Thanks to both Valerie & Heather for the clarification.  I had done a quick
search of each of the sectors for "education", but had no hits until I
expanded the Sector Overview section as Heather instructed.  Serves me
right for not just using the search function on their site.  Though, based
on a couple of other emails I received directly I'm glad I asked since it
appears to have been a common point of confusion.

Thanks again everyone!

-David A.

On Thu, Sep 9, 2021 at 7:11 AM Chester, Heather <htomley () luc edu> wrote:

> David,
>
> Good question.  I believe Higher Ed is under the Government Facilities
> sector / Education Facilities Subsector
> https://www.cisa.gov/government-facilities-sector.  Once you open this
> page, go to Sector Overview, “The Education Facilities Subsector covers
> pre-kindergarten through 12th grade schools, institutions of higher
> education, and business and trade schools. The subsector includes
> facilities that are owned by both government and private sector entities”.
>
>
>
> Heather
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *David Allen
> *Sent:* Wednesday, September 8, 2021 6:50 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] [External] Re: [SECURITY] Cybersecurity and
> Infrastructure Security Agency(CISA) Cyber Hygiene scan services
>
>
>
> We have some interest in signing up with the CISA service as well, but got
> hung up on the question on the service application form that asks "Which
> Critical Infrastructure Sector does your organization most closely align
> with?"  Is there any consensus which option should be selected?  Doing a
> quick review of the option and descriptions (
> https://www.cisa.gov/critical-infrastructure-sectors) did not provide an
> obvious choice for us.
>
>
>
> -David A.
>
>
>
> On Tue, Sep 7, 2021 at 7:44 AM Thomas Dugas <dugast () duq edu> wrote:
>
> We’ve used this service for years now. I concur, they won’t be looking at
> anything that people scanning your network for vulnerabilities aren’t doing
> already. The difference is they actually tell you that you have an issue
> instead of exploiting the risk. It does hold a bit more weight as well when
> I’ve had to go to third-party service providers to tell them their service
> has a vulnerability on our network.
>
>
>
> Foreign nation states are doing this to our networks already. At least I
> feel that Homeland Security is looking out for our better interests.
>
>
>
> Tom Dugas
>
> Dugast () duq edu
>
> AVP/CISO
>
> Duquesne University
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Davis, Ken
> *Sent:* Friday, September 3, 2021 1:00 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [External] Re: [SECURITY] Cybersecurity and Infrastructure
> Security Agency(CISA) Cyber Hygiene scan services
>
>
>
> There are other free services that can provide potential vulnerability
> information from an external perspective, such as ShadowServer
> https://www.shadowserver.org/
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.shadowserver.org%2F&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726409022%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=WV4QhGM6vR%2BySd0M7tLXNO4v6a8F9j5%2B%2By1jmjgHv80%3D&reserved=0>
>
>
>
> The Shadowserver Foundation
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.shadowserver.org%2F&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726418983%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=AeVt9IzLdSJOffLcmq53JQcUc0GQdPMM1ZXlNh4hDrM%3D&reserved=0>
>
> The Shadowserver Foundation is a nonprofit security organization working
> altruistically behind the scenes to make the Internet more secure for
> everyone.
>
> www.shadowserver.org
>
>
>
>
>
> --Ken
>
>
>
>
> ------------------------------
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Kevin Ledbetter <
> kevin.ledbetter () VALPO EDU>
> *Sent:* Friday, September 3, 2021 8:14 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
> *Subject:* Re: [SECURITY] Cybersecurity and Infrastructure Security
> Agency(CISA) Cyber Hygiene scan services
>
>
>
> I think the feds are our side.
>
>
>
>
>
> On Fri, Sep 3, 2021 at 10:09 AM Ken Connelly <ken.connelly () uni edu> wrote:
>
> THIS!!
>
> Plus my general paranoia about giving the feds permission to do this. Not
> that they can't/couldn't/wouldn't do it anyway, but if I say "ok", then I
> said "ok" and they have permission.
>
> -ken
>
> On 9/3/21 9:03 AM, Koppel, Lorna wrote:
>
> Hi Everyone,
>
>
>
> I too am interested in trying their services.  I ran into concerns from
> legal and others about the perception of having a government agency looking
> at our network especially with people being nervous about immigration.
> Anyone else dealt with that?
>
>
>
> Thanks,
>
> Lorna
>
>
>
> *Lorna L. Koppel*
>
> Director of Information Security
>
> Office of Information Security (OIS)
> Tufts University
> 169 Holland Street
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fmail%2Fdeeplink%2Fcompose%2FAAMkADMwMDljOTgzLWE4ZDItNDE3YS05MGVlLTllZmRjNjU1OGI0MQBGAAAAAADcDQBefXDTQL6Rle4B4f5rBwDYXT5XZThPQK6AlMmSrZQmAAAAea7OAAAPz2fB03mORptgvBpr7W1SAAAI%252B34CAAA%253D%3Fversion%3D2019123003.04%26popoutv2%3D1&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726418983%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=I213HC597VO95bb6SyY%2Fi4tnT%2B9fbwrAbYFuBav1vU4%3D&reserved=0>
> Somerville, MA 02144
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office.com%2Fmail%2Fdeeplink%2Fcompose%2FAAMkADMwMDljOTgzLWE4ZDItNDE3YS05MGVlLTllZmRjNjU1OGI0MQBGAAAAAADcDQBefXDTQL6Rle4B4f5rBwDYXT5XZThPQK6AlMmSrZQmAAAAea7OAAAPz2fB03mORptgvBpr7W1SAAAI%252B34CAAA%253D%3Fversion%3D2019123003.04%26popoutv2%3D1&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726428937%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=tel4XrIQXG0%2BFCQwNfBWwgKnva1CjVmR4TzAVJ3h8HU%3D&reserved=0>
> Phone: 617.627.0885
>
> *From:* The EDUCAUSE Security Community Group Listserv
> <SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE EDU> *On
> Behalf Of *Valerie Smith
> *Sent:* Friday, September 3, 2021 10:02 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Cybersecurity and Infrastructure Security
> Agency(CISA) Cyber Hygiene scan services
>
>
>
> Hi Vince,
>
>
>
> We've used it for almost a year now and we really like it. It's
> essentially just Nessus but they send a weekly pdf report with good info,
> charts, and graphs (the original Nessus data is embedded as an attachment
> in the appendix too). I've used their graphs in reports to management. And
> being able to say "DHS says this is a critical vulnerability" has helped
> get people to act a little quicker with remediations than they may have
> otherwise. ;)
>
>
>
> Also they send an annual report of aggregated, anonymized vuln data from
> across higher ed so that you can see how your institution compares against
> the average.
>
>
>
> Let me know if you have other questions or there's anything else I can
> help with regarding this topic.
>
>
>
> Thanks,
>
> Val
>
>
> Valerie Smith, CISSP (she/her)
>
> Sr. Information Security Analyst
>
> SUNY Geneseo
>
> vsmith () geneseo edu
>
>
>
>
>
> On Fri, Sep 3, 2021 at 9:43 AM Vince Bonura <vbonura () fordham edu> wrote:
>
> Good morning, All!
>
>
>
> I am writing to inquire whether anyone is taking advantage of the
> Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan
> services?
>
>
>
> We became aware of it recently and are considering signing up. Since it’s
> a free service, and another way to test the vulnerabilities of your
> publicly accessible networks, it seems like a no-brainer.
>
>
>
> But we are curious who is/has used it and what you thought of their
> findings.
>
>
>
> Thanks in advance!
>
>
>
> Vince Bonura
>
> IT Risk Analyst
>
>
>
> Fordham University
>
> (718) 817-1875
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726428937%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=BP%2Frb7%2F237briaSo0DKVJDR6SzlaUiKtMyKDoy4Vdmc%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726438893%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=3fw30oLgrEqV78gS41wZEeQnaIMXKplxSgob9b%2BiXdU%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726438893%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=3fw30oLgrEqV78gS41wZEeQnaIMXKplxSgob9b%2BiXdU%3D&reserved=0>
>
>
>
> --
>
> - Ken
>
> =================================================================
>
> Ken Connelly                       Director, Information Security
>
> Information Security Officer          University of Northern Iowa
>
> email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-3010
>
>
>
> Any request to divulge your UNI password via e-mail is fraudulent!
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726438893%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=3fw30oLgrEqV78gS41wZEeQnaIMXKplxSgob9b%2BiXdU%3D&reserved=0>
>
>
>
>
> --
>
> *Kevin Ledbetter*
>
> *Systems Security Administrator Office of Information Technology*
>
> 1700 Chapel Drive
> Valparaiso, IN 46383
> 219.464.6191
>
> Staff Employee Advocacy Council
>
> Kevin.Ledbetter () valpo edu
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726448852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=sxygUw5vw68%2FwKbU804aTMhp5Z6psHSkcyH4HBauXok%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cdugast%40DUQ.EDU%7Cd795f89450d4430ab10908d96efc6db2%7C12c44311cf844e4195c38df690b1eb61%7C0%7C1%7C637662852726448852%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=sxygUw5vw68%2FwKbU804aTMhp5Z6psHSkcyH4HBauXok%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
>
>
>
> --
>
> David P. Allen
> Director for Enterprise Systems
> Information & Technology Services
> Pacific Lutheran University
> t: 253-535-7524
>
> *pronouns: he/him/his*
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community


-- 
David P. Allen
Director for Enterprise Systems
Information & Technology Services
Pacific Lutheran University
t: 253-535-7524
*pronouns: he/him/his*

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community