
Elastic Partnering With CISA to Help Standardize Cyber Defense Across Federal Civilian Agencies

New FedRAMP-hosted SIEM-as-a-Service platform valued at up to $130M, will centralize telemetry and accelerate coordinated defense for U.S. civilian agencies.

SAN FRANCISCO--(BUSINESS WIRE)--Elastic (NYSE: ESTC), the Search AI Company, announced that it is partnering with the Cybersecurity and Infrastructure Security Agency (CISA) to develop a unified Security Information and Event Management as-a-Service (SIEMaaS) offering, using Elastic Security on Elastic Cloud. The new SIEMaaS will help to strengthen the security posture of U.S. federal civilian agencies by standardizing security data collection across agencies, enabling real-time threat detection and rapid incident response.

The commitment with CISA is part of a $26 million base-year contract through ECS, a provider of advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, and an ASGN Incorporated (NYSE: ASGN) brand. This contract has the opportunity to renew under the same terms for up to four additional years, for a total anticipated agreement value of up to $130M.

Building on their long-standing partnership with CISA and Elastic’s leadership in next-gen SIEM, Elastic and ECS will help design, host, and operate a new SIEMaaS on its FedRAMP-certified Elastic Cloud. The program will standardize cybersecurity monitoring across Federal Civilian Executive Branch Agencies (FCEBs) to enhance security with greater speed, scale, and operational consistency, while leveraging Elastic’s standards-based platform to significantly reduce costs associated with data access and retention.

The first tenant to adopt the SIEMaaS platform is a large FCEB agency. This first implementation will serve as the operational blueprint for broader rollout across additional federal entities, to accelerate time-to-protection and create a repeatable, cost-efficient model for shared cyber defense.

With cyber adversaries accelerating their use of supply chain attacks, identity-based intrusions, and zero-day exploits, agencies face mounting pressure to detect, investigate, and respond to threats in real time. Even with the advances spurred by Executive Orders 14028 and M-21-31, which have significantly advanced Zero Trust adoption and enhanced logging practices, gaps persist in achieving whole-of-government cyber visibility.

This SIEMaaS initiative directly addresses those gaps by delivering a shared, unified, cloud-hosted platform for large-scale data ingestion, threat analytics, and incident response, all powered by the Elasticsearch Platform—an open, extensible platform that manages both structured and unstructured data. The program will help break down legacy silos and enable CISA analysts and FCEB agencies to collaborate on accessible, unified cyber defense.

“Federal agencies remain a top target for cyber adversaries, and the current pace and complexity of attacks demand a new operational model,” said Ash Kulkarni, CEO of Elastic. “By consolidating cybersecurity telemetry into a shared, cloud-based SIEM service built on Elastic’s platform, CISA is setting a new standard for speed, scale, and collective defense across civilian agencies.”

Under the program, the CISA Continuous Diagnostics and Mitigation Program Management Office will oversee the hosting and operations of the SIEMaaS environment, including infrastructure, data pipelines, enrichment workflows, and threat detection engines, all operated on FedRAMP-certified Elastic Cloud through a base year and four option years ending in 2030.

About Elastic

Elastic (NYSE: ESTC), the Search AI Company, integrates its deep expertise in search technology with artificial intelligence to help everyone transform all of their data into answers, actions, and outcomes. Elastic's Search AI Platform — the foundation for its search, observability, and security solutions — is used by thousands of companies, including more than 50% of the Fortune 500. Learn more at elastic.co.

Elastic and associated marks are trademarks or registered trademarks of Elasticsearch BV and its subsidiaries. All other company and product names may be trademarks of their respective owners. The release and timing of any features, such as the additional models and region availability or functionality described in this post, remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.

Contacts

Media Contacts

Alexia Russell
PR-team@elastic.co
