Automated Indicator Sharing (AIS), a CISA capability, enables the real-time exchange of
machine-readable cyber threat indicators and defensive measures to help protect against and ultimately reduce the prevalence of cyber incidents. AIS is offered as part of CISA’s broad authority to share information relating to cybersecurity risks, including authority to receive, analyze, and disseminate information, and fulfills CISA’s obligation under the Cybersecurity Information Sharing Act of 2015 to establish and operate the federal government’s capability and process for receiving cyber threat indicators and defensive measures, and to further share this information with certain other agencies, in some cases in a real-time manner. For more information, please visit: https://www.cisa.gov/ais.
AIS Automated Scoring & Feedback (AS&F), built on the AIS Scoring Framework, defines an algorithm by which organizations can enrich Structured Threat Information Expression Indicator objects, shared via AIS, with (1) an opinion value that provides an assessment of whether or not the information can be corroborated with other sources available to the entity submitting the opinion and (2) a confidence score that states the submitter’s confidence in the correctness of information they submit into AIS. When leveraged by CISA, AS&F uses artificial intelligence / machine learning to perform descriptive analytics from organizational-centric intelligence to support confidence and opinion classification of indicators of compromise. Together, these enrichments can help those receiving information from AIS prioritize actioning and investigating Indicator objects.