What does FS-ISAC mean? 

The Financial Services Information Sharing and Analysis Center.

What is an ISAC? 

The ISACs were created as a result of Presidential Decision Directive 63 (PDD-63) in 1998. The directive requested the public and private sector create a partnership to share information about physical and cyber threats, vulnerabilities, and events to help protect the critical infrastructure of the United States. PDD-63 was updated in 2003 with Homeland Security Presidential Directive/HSPD-7 to reaffirm the partnership mission. Today there are ISACs for fourteen critical infrastructures, such as Financial Services, Electric, Energy and Surface Transportation. In early 2013, the FS-ISAC board of directors approved an extended charter to include information sharing for financial services entities world-wide.

What does the FS-ISAC do? 

The FS-ISAC gathers threat, vulnerability, and risk information about cyber and physical security risks faced by the financial services sector around the world. Sources of information include commercial companies who gather this type of information, government agencies, CERTs, academic sources, and other trusted sources. After analysis by industry experts, alerts are delivered to participants based on their level of service.

What information is contained in an alert? 

Members may create a profile on the FS-ISAC website to identify specific areas of interest or receive all alerts. For both physical and cyber events, alerts contain a description of the threat or vulnerability, its severity, and recommendations for solutions.

Who belongs to the FS-ISAC? 

The FS-ISAC is rapidly expanding its membership by using multiple tiers of membership and working closely with industry associations. Eligible firms are in the banking and finance sector. FS-ISAC is actively recruiting members and accepting member applications from firms around the world. Through the membership and license agreements with trade associations, the FS-ISAC is delivering urgent and crisis alerts to eligible firms that make up the majority of banking assets and securities transactions around the world.  Member firm names are not released without member permission and no data is ever attributed to an individual member without that member's permission.

How long has the FS-ISAC existed? 

The FS-ISAC was launched in 1999 to help members prepare for Y2K and establish an anonymous information sharing capability within the financial services industry. FS-ISAC has continued to evolve and offer its members more and more valuable services, including: Automated threat indicator sharing; Regular calls, webinars and events to share best practices and threat trends; Threat response playbooks and much more. In addition, FS-ISAC has expanded its charter to better support the needs of the its members around the world.

Does the FS-ISAC have any endorsements? 

Yes, the U.S. Department of Treasury is the official government sponsor and has provided substantial project funding to meet the requirements of the FS-ISAC. FS-ISAC membership is also recommended by:

  • The United States Treasury
  • The Office of the Controller of Currency
  • The United States Secret Service
  • The Department of Homeland Security
  • The Financial Services Sector Coordinating Council, which represents 26 Financial Services Associations and Utilities representing over 25,000 eligible firms.
Additionally, the FS-ISAC has the endorsement of its members and continues to garner endorsement from relevant agencies, organizations and associations representing the best interests of the financial services industry world-wide.

Why is belonging to the FS-ISAC important? 

Since 9/11, protecting the now global critical infrastructure has become a priority for our industry. Each firm in our sector has the responsibility for doing its part in protecting the financial services sector critical infrastructure. Threats and risks to the financial services sector no longer stop at country borders. Being a member of the FS-ISAC is one way your firm can help protect your clients from loss or inconvenience and support cyber security initiatives around the world. Most importantly, the U.S. Treasury, the Department of Homeland Security and other relevant government agencies and entities use the FS-ISAC to disseminate critical information to the financial services sector in times of crisis.

Who is eligible to join the FS-ISAC? 

FS-ISAC membership and participants include eligible firms in the financial services sector world-wide:

  • Banking Firms & Credit Unions
  • Securities Firms
  • Insurance Companies
  • Credit Card Companies
  • Mortgage Banking Companies
  • Financial Services Sector Utilities
  • Financial Services Service Bureaus
  • Appropriate Industry Associations
  • Hedge Fund IT
  • Security Service Providers

How much does it cost to join? 

Pricing varies with the level of service that best meets the needs of your firm. The FS-ISAC has organized into multiple levels of service in order to serve all eligible firms. Visit our Membership Benefits section to review detailed features and benefits of each level of service.

Why is there a fee for being a member of the FS-ISAC? 

The FS-ISAC is managed by member financial services organizations, and is entirely funded by the private sector. The FS-ISAC offers a variety of value-added information sharing and analysis tools which include the following: Cyber and physical alerts, member surveys, anonymous submissions, bi-weekly threat conference calls, Critical Infrastructure Notification service (CINS), crisis conference calls, membership meetings, and webinar training, all at no additional cost to membership (depending on your membership level).

Why should my firm join? 

If you are a financial services firm, or serve the sector, you are part of the banking and finance critical infrastructure. Your firm has the responsibility for doing its part to help protect the global banking and finance critical infrastructure. The U.S. Treasury, the Department of Homeland Security, the U.S. Secret Service, and the Financial Services Sector Coordinating Council and many other associations, agencies and entities world-wide recommend membership in the FS-ISAC as one way your firm can help protect the critical infrastructure that is now truly global in nature. By joining, you enable our industry to create and maintain an effective information sharing capability and ultimately navigate its own future instead of relying on regulators to do so. While the benefits of membership are numerous, this alone is the best reason to join.

How do I become an FS-ISAC member? 

Applications for each level of service are available at our Membership Benefits section. In addition, "JOIN FS-ISAC" buttons are located throughout this site. For more information or to speak to a membership specialist, call the FS-ISAC Membership Hotline at 877-612-2622 or email admin@fsisac.us

After submitting an application, how long does it take for activation? 

In order for an applicant to become activated, three things must happen: (1) the applicant must complete an application; (2) the application must be vetted by a third party; and (3) the applicant must submit payment. Platinum, Gold and Premier Members will be vetted first, then Core, then Basic participants. It could take up to a week for applicants to be vetted depending on application volumes.

Who manages the FS-ISAC? 

The FS-ISAC Board of Directors manages the FS-ISAC. Each Board member serves a three-year term and is elected by the Premier and above Members. The board elects board officers for two year terms.

Who has access to the database? 

Only members with the appropriate credentials have access to the database. Critical Notification Only Participants (CNOP) have no access to the database, Basic and Core Members have limited access to the database, and Standard Members and higher have access to all features and benefits of the database.

Does any government agency have access to the database? 

The FS-ISAC receives alerts and information from many sources, including government agencies and law enforcement. However, it is a one way flow of information: NO government agency of any type or law enforcement agency has any access to member-submitted events without prior approval of the submitting financial institution. The FS-ISAC has and will provide the appropriate government departments with summary sanitized data based on a need to know basis.

How will the database be used? 

The current FS-ISAC database has thousands of threats, vulnerabilities, and events dating back to 1999. Premier and above members may use this database to do research and investigations. The FS-ISAC analysts use the database to establish trends, do research, and investigations. Over time the FS-ISAC is expecting to offer advanced analytics to Premier and above members to study multiple firm IDS data and other sophisticated programs to predict the likelihood of events.

Why are Affiliate Members allowed to join? 

Certain firms who provide products and services designed to make the financial services sector stronger and safer, are an essential part of the FS-ISAC's ability to achieve its goals. Participation in the Affiliate Member Program is designed to enhance the understanding of sector progress in information sharing and the tools used to enhance security. The FS-ISAC Board of Directors must approve each Affiliate Member application.