Cyber Hygiene Services

Reducing the Risk of a Successful Cyber Attack

Adversaries use known vulnerabilities and weaknesses to compromise the security of organizations. The Cybersecurity and Infrastructure Security Agency (CISA) offers Cyber Hygiene scanning and testing services to help organizations reduce their exposure to threats by taking a proactive approach to mitigating attack vectors.

Email us to enroll today

 CISA's available Cyber Hygiene services are listed below:    

  • Vulnerability Scanning: Evaluates external network presence by executing continuous scans of public, static IPv4s for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.
  • Web Application Scanning: Evaluates publicly accessible web applications to uncover vulnerabilities and misconfigurations that attackers might exploit. This comprehensive evaluation includes, but is not limited to, the vulnerabilities listed in the OWASP Top 10, which represent the most critical web application security risks. This service provides detailed reports on a monthly basis monthly, as well as on-demand reports to help ensure your web applications remain secure.  

Additionally, CISA recommends you further protect your organization by identifying assets that are searchable via online tools and taking steps to reduce that exposure.

Frequently Asked Questions

How much does it cost?

CISA Cyber Hygiene services are available at no cost.

Who can receive services?

Federal, state, local, tribal and territorial governments, as well as public and private sector critical infrastructure organizations.

When will my services begin?

Cyber Hygiene services typically begins within 72 hours of completing the appropriate forms, and reports will begin to be received within two weeks of the scanning start date. Reports from the Vulnerability Scanning service will come from reports@cisa.dhs.gov, and reports from the Web Application Scanning service will come from vulnerability@cisa.dhs.gov.  

Who performs the service?

Cyber Hygiene services are provided by CISA’s highly trained information security experts equipped with top-of-the-line tools. Our mission is to measurably reduce cybersecurity risks to the Nation by providing services to government and critical infrastructure stakeholders.

Get Started

Email us at vulnerability@cisa.dhs.gov with the subject line “Requesting Cyber Hygiene Services” to get started.