CISA Launches New Services Portal to Enhance Incident Reporting and Support
In August, the Cybersecurity and Infrastructure Security Agency (CISA) introduced the CISA Services Portal, designed to streamline the process of reporting cybersecurity incidents and enhance information sharing.
“The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations reporting an incident to provide details such as the impacted entity, contact information, incident description, technical indicators, and mitigation steps,” a CISA spokesperson stated via email.
By collecting detailed reports, CISA and its partners can assist victims in mitigating the effects of cyber incidents, prevent attackers from reusing tactics, and gain insights into the broader scope of adversary campaigns. This information-sharing benefits not just the initial victim but also helps protect other organizations from potential attacks.
How the Portal Works
The CISA Services Portal follows guidelines outlined in the NIST Special Publication 800-61 Revision 2, which defines a cyber incident as:
- Unauthorized access attempts to systems or data
- Unwanted disruptions or denial of service
- Misuse of systems or data in violation of policy
In addition to cyber incidents, users can report malware, software vulnerabilities, threat indicators, and vulnerabilities in government websites. For reporting cyberattacks on critical infrastructure, users are directed to a different link as required by CIRCIA regulations.
When using the portal, users are guided through a step-by-step reporting process, which includes identifying the affected organization, providing a detailed description of the incident, and outlining the technical details of the breach.
What Makes CISA’s Portal Unique?
While many breach reporting portals exist, CISA’s stands out for several reasons. It is a voluntary, stand-alone government portal available to all entities nationwide. It does not replace any breach reporting processes mandated by federal, state, local, or industry-specific regulations, such as those required by the FTC or FCC.
The portal allows users to report incidents on behalf of their organization or as individual users. It also offers the option to set up an account for ongoing communication with CISA, where users can save, update, and share reports.
What truly differentiates CISA’s portal is its capability to provide direct assistance in incident response and recovery. This is particularly valuable for small and medium-sized businesses that may lack the resources to effectively handle cyber incidents.
Although reporting to CISA is not mandatory, the agency strongly encourages organizations to voluntarily report incidents or suspicious activity. CISA has also developed a guide to help prepare organizations for submitting reports, ensuring they have all necessary details related to the breach and their mitigation efforts.
“Any organization experiencing a cyberattack or incident should report it—not only for their benefit but to help the broader community. CISA and our government partners have unique tools to assist with response and recovery, but we need to know about the incident to provide support,” said Jeff Greene, CISA Executive Assistant Director for Cybersecurity, in a statement announcing the portal.
The new CISA Services Portal aims to strengthen collaboration, offering a more efficient and supportive environment for incident reporting and response.
Salesforce comment:
SAN FRANCISCO, Sept. 25, 2015—Salesforce (NYSE: CRM), the Customer Success Platform and world’s #1 CRM company, today issued the following statement on the proposed Cybersecurity Information Sharing Act of 2015 (“CISA”):
“At Salesforce, trust is our number one value and nothing is more important to our company than the privacy of our customers’ data,” said Burke Norton, chief legal officer, Salesforce. “Contrary to reports, Salesforce does not support CISA and has never supported CISA.”