Re: Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan services

[Kevin Ledbetter <kevin.ledbetter () VALPO EDU>]

We at Valpo have been getting Cyber Hygiene Reports since October 2017.  We
find them very valuable; but just one of the tools we use to identify
vulnerabilities.  Highly recommend signing up.

Kevin
On Fri, Sep 3, 2021 at 9:01 AM La Grew, Jesse S <jslagrew () madisoncollege edu>
wrote:

> Vince,
>
>
> We signed up for this offering a year or two ago and it has been very
> useful. We even split up some of our reports for other business units so
> that they can get their own individual report for their own subnet(s).
> These reports get delivered by CISA. We receive a full report for all
> networks and the business unit can get a report for their defined network
> segment.
>
>
>
> I would be happy to share some of the information over a call some time.
>
>
>
> Jesse
>
>
>
> --
>
> Jesse La Grew, CISSP
>
> Security Architect
>
> Technology Services
>
> Madison College
>
> 608.246.6148
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Powell, Andy
> *Sent:* Friday, September 3, 2021 8:52 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Cybersecurity and Infrastructure Security
> Agency(CISA) Cyber Hygiene scan services
>
>
>
> Hi Vince,
>
>
>
>   We signed up for CISA's CyHy services in July and have only received the
> results of their web app scanning to date (still waiting on general vuln
> scan results), and your post is a timely reminder for me to ping them again.
>
>
>
>   Speaking only of Web App scanning, I found their scan to be helpful and
> informative. They use Qualys, so their report format was familiar to me. It
> surfaced several concerns, some we were previously aware of and some others
> that we weren't. In my opinion, that's working as intended and we're happy
> with the service.
>
>
>
>   I can only speculate on the cause for delay on the vuln scanning side,
> which I chalk up to a supply/demand crunch...we operate a /16 space, which
> is probably a pretty unusual slice for CISA, who typically scans "critical
> infrastructure" organizations that would work hard to reduce their internet
> exposure to something less than 65,000 addresses. I'm guessing we've been
> prioritized downward, and wouldn't necessarily take issue with that.
>
>
> Andrew F. Powell Jr., CISSP, CCSP
>
> Information Security Director
>
> Williams College
>
> 22 Lab Campus Drive, Williamstown, MA, 01267
>
> O - (413) 597 - 4340
>
> C - (978) 502 - 0086
>
> (he/him/his)
>
>
>
>
>
> On Fri, Sep 3, 2021 at 9:43 AM Vince Bonura <vbonura () fordham edu> wrote:
>
> Good morning, All!
>
>
>
> I am writing to inquire whether anyone is taking advantage of the
> Cybersecurity and Infrastructure Security Agency(CISA) Cyber Hygiene scan
> services?
>
>
>
> We became aware of it recently and are considering signing up. Since it’s
> a free service, and another way to test the vulnerabilities of your
> publicly accessible networks, it seems like a no-brainer.
>
>
>
> But we are curious who is/has used it and what you thought of their
> findings.
>
>
>
> Thanks in advance!
>
>
>
> Vince Bonura
>
> IT Risk Analyst
>
>
>
> Fordham University
>
> (718) 817-1875
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjslagrew%40MADISONCOLLEGE.EDU%7C863713954767499c929708d96ee20843%7C33f001466fcc49e9b5687896b3069d44%7C0%7C0%7C637662739374161166%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Xh5FmCTpEm4aBmdSjyE0Qg3H3TFlxIn718AH4SDmvxQ%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=04%7C01%7Cjslagrew%40MADISONCOLLEGE.EDU%7C863713954767499c929708d96ee20843%7C33f001466fcc49e9b5687896b3069d44%7C0%7C0%7C637662739374171135%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=HweCqh8wdFR1ifsLMmTVnpDYhikfH%2BFdkDdfp3oyDyY%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community


-- 
*Kevin Ledbetter*
Systems Security Administrator
Office of Information Technology

1700 Chapel Drive
Valparaiso, IN 46383
219.464.6191
Staff Employee Advocacy Council
Kevin.Ledbetter () valpo edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community