JCDC FAQs

What is the Joint Cyber Defense Collaborative?

JCDC is a public-private cybersecurity collaborative that reduces cyber risk by unifying the cyber defense capabilities and actions of government and industry partners. JCDC leverages CISA's joint cyber planning mandate from the 2021 National Defense Authorization Act, along with CISA’s inherent partnership and information sharing authorities. JCDC fuses the best insight, analysis, and expertise from government and industry partners worldwide, producing multi-sealed advisories that reflect collective priorities. JCDC also facilitates rapid threat information sharing across hundreds of priority partners. Whether working with affected victim/ impacted entities, organizations with common capabilities, or those driven by security imperatives, JCDC builds partnerships that enable shared visibility and coordinated action.

On platforms or in person, analysts from partner organizations engage in bilateral and multilateral information sharing, technical and analytic exchanges, and real-time information sharing to strengthen cyber defenses.

What are the benefits of JCDC’s operational and joint development model?

JCDC’s voluntary partnership model integrates engagement with government and industry and enables agile responses to cybersecurity threats. By structuring collaboration around collective security objectives, JCDC unifies relevant partners to tackle emerging threats.

The JCDC joint-development model ensures that critical infrastructure owners and operators receive unified, authoritative information. It incorporates the expertise of companies that manufacture, implement, and protect technology, producing dozens of high-impact cybersecurity publications annually. Several international cybersecurity organizations now mirror this approach.

Who comprises JCDC?

Since its inception, JCDC has built lasting operational collaboration with partners, including:

U.S. Government’s Intelligence Community (USG IC) and Sector Risk Management Agencies (SRMAs)
The largest global IT and communications service providers
Significant infrastructure operators across all sectors
Five Eyes (Australia, Canada, New Zealand, the United Kingdom, and the U.S.) government cybersecurity counterparts
Expert researchers

JCDC also includes specific government agencies designated by Congress for the joint cyber planning office, including the Department of Homeland Security, U.S. Cyber Command, the National Security Agency, the Federal Bureau of Investigation, the Department of Justice, and the Office of the Director of National Intelligence. Other federal agencies contribute based on their expertise, including the U.S. Department of Defense, the Transportation Security Administration, the Environmental Protection Agency, the Federal Aviation Administration, the Department of Energy, and the Department of the Treasury.

JCDC enables continuous collaboration with over 100 international cyber defense organizations (often called “CERTs”) to ensure rapid dissemination of cyber threat information across the globe, increasing friction for our common adversaries. JCDC also works with information sharing hubs such as Information Sharing and Analysis Centers, to distribute actionable information widely.

Who should participate in JCDC?

CISA welcomes all critical infrastructure organizations and entities with cybersecurity expertise and visibility to participate in our collaboration efforts. Voluntary participation is based on a reciprocal expectation of collaboration, in which all partners, public and private, are expected to be active collaborators, with a focus on bidirectional information sharing, information enrichment, tipping, and providing insights to broader campaigns and threat actor activity. In some instances, JCDC partners may be given limited partnership but enabled to exchange critical information.

How can I get involved with JCDC?

Working with JCDC will look different for each organization and its unique subject matter expertise, visibility, and capabilities. For some, it might involve being part of a cyber defense planning effort focused on a specific risk scenario. For others, it might involve joining an operational collaboration effort focused on a specific threat or vulnerability. And for others, it might involve participating in analyst-to-analyst exchanges. For further information about participating, contact JCDC via email.

How does JCDC share information with partners?

JCDC ensures ongoing open dialogue through various platforms, including persistent collaboration channels for specific sectors, time-limited operational working groups and smaller channels for operationally sensitive activities. Some channels provide continuous information sharing while others enable immediate response coordination when threats arise.

JCDC also shares information through platforms like the Homeland Security Information Network (HSIN) and emails via the GovDelivery service for broader outreach. CISA continuously invests in new collaboration tools, to enable frictionless collaboration, including capabilities for rich data analysis.

Who participates in JCDC from partner organizations?

JCDC is an operational body, and participating individuals are expected to serve in operational roles and maintain relevant expertise in topics such as threat analysis, vulnerability management, and incident response. JCDC is not a policy forum, and issues related to national cybersecurity policy are generally considered appropriate for alternate bodies, such as Sector Coordinating Councils.

How will JCDC industry participants’ affiliation impact current or future ability to be awarded DHS/CISA contracts?

JCDC is a voluntary collaborative that is wholly separate from all federal contracting functions. JCDC participation has no impact on a partner’s current or future ability to be awarded any federal contracts, including those issued by DHS or CISA. JCDC is not a policy forum, and issues related to national cybersecurity policy are generally considered appropriate for alternate bodies such as Sector Coordinating Councils.

Is JCDC the only way to work with CISA?

No. JCDC is CISA’s primary vehicle for cross-sector cybersecurity collaboration and joint cyber defense planning, but organizations can also:

Access CISA’s cybersecurity services
Participate in the Coordinated Vulnerability Disclosure (CVD) program
Report cyber incidents through the Incident Reporting Portal.

Does JCDC work with organizations that are not part of the JCDC?

Yes. While JCDC maintains persistent collaboration with its partners, it also engages with U.S. Government entities, private sector organizations, independent researchers, and international government cybersecurity centers that are not part of JCDC based on specific cybersecurity threats and operational needs.

How does CISA safeguard JCDC participant input that includes proprietary information?

JCDC’s success depends on trust. JCDC partners, including both government and private sector entities, adhere to strict dissemination restrictions, using Traffic Light Protocol (TLP) markings. to control the sharing of information. CISA collaborates closely with submitting entities to determine appropriate sharing parameters. Additionally, information submitted is protected under applicable laws, including the Freedom of Information Act (FOIA) and the Cybersecurity Information Sharing Act of 2015, ensuring confidentiality and security.
CISA will not disclose any information that is exempt from disclosure under the Freedom of Information Act (FOIA) consistent with 5 USC 552(b), including but not limited to Exemption (b)(3) as specifically exempt from disclosure by statute, Exemption (b)(4) as trade secrets and commercial or financial information that is privileged or confidential, and Exemption (b)(7)(A)-(f) as records or information compiled for law enforcement purposes.

What does JCDC participation mean for members with pre-existing relationships with CISA or other federal agencies?

JCDC participation does not override existing relationships between organizations and CISA or other Sector Risk Management Agencies (SRMAs). Organizations are encouraged to maintain sector-specific relationships while also leveraging JCDC’s cross-sector coordination to enhance national cybersecurity resilience.

Does CISA endorse JCDC participants?

No. CISA does not endorse any commercial entity, product, or service, including any subjects of analysis. Any reference to a specific commercial entity or commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise does not constitute or imply endorsement, recommendation, or favoring by CISA. With partner approval, CISA may acknowledge JCDC partners and their valuable contributions to the development of various collaborative efforts (e.g., joint Cybersecurity Advisories, joint plans) within the products themselves, on CISA’s website, in stakeholder messaging, and/or via CISA’s social media platforms.

How does CISA balance the need for inclusive involvement with the necessity of enabling trusted collaboration?

JCDC values broad participation while ensuring trust and effectiveness in its collaboration efforts. Organizations are involved in JCDC efforts based on their specific expertise and capability contributions. Most initiatives involve fewer than 20 organizations, but the outcomes often result in actionable information and cybersecurity guidance that benefits the broader cybersecurity community.

How does JCDC determine what plans to develop? Who activates and leads the execution of cyber defense plans developed by JCDC?

JCDC follows an annual process to prioritize cyber defense plans, focusing on:

Defending against advanced persistent threats (APTs) operations
Raising cybersecurity baseline
Addressing emerging technologies and risks.

Execution depends on operational needs, with CISA, interagency partners, and private sector entities collaborating based on plan objectives.