HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

CISA Publishes List of Free Cybersecurity Tools to Advance Security Capabilities

Expanding security capabilities is possible with a tight budget by using free cybersecurity tools and services. Many tools and services have been developed by government agencies, the cybersecurity community, and the public and private sector that can be used to improve defenses against damaging cyberattacks, detect potential intrusions rapidly, and help organizations respond to and remediate security breaches.

Finding appropriate free cybersecurity tools and services can be a time-consuming process. To help critical infrastructure organizations reduce cybersecurity risk, the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has compiled a list of services provided by CISA and other government agencies, open source tools, and tools and services developed and maintained by the cybersecurity community that can be adopted to improve protection, detection, response and the remediation of cyber threats.

The list of free cybersecurity tools and services is divided into four categories, based on the four goals detailed in previously published guidance: CISA Insights: Implement Cybersecurity Measures Now to Protect Against Critical Threats.

  1. Reducing the likelihood of a damaging cyber incident;
  2. Detecting malicious activity quickly;
  3. Responding effectively to confirmed incidents; and
  4. Maximizing resilience.

All of the tools and services added to the list were assessed by CISA using neutral principles and criteria; however, CISA does not attest to the suitability of any product or service, nor the effectiveness of any solution for any particular use case. While some commercial products and services have been included in the list, CISA does not endorse or provide any recommendations for using those products and services. The list will be periodically updated by CISA to include new products and services and CISA welcomes any suggestions of additional products and services for future inclusion in the list.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

While all included tools and services could be of benefit for improving or adding new security capabilities, they are no substitute for developing and implementing a strong cybersecurity program. It is vital to develop such a program and ensure certain foundational cybersecurity measures are implemented, including addressing known flaws in software and operating systems, setting strong passwords, implementing multi-factor authentication, and putting an end to bad cybersecurity practices such as the continued use of legacy solutions that have reached end-of-life and are no longer supported. CISA recommends signing up for its Cyber Hygiene Vulnerability Scanning service and taking steps to get sensitive Stuff of Search (S.O.S) to reduce Internet attack surfaces that are visible to anyone using a web-based platform.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.