ISAO Standards Organization Publishes New Cybersecurity Information Sharing Standards | Practical Law

ISAO Standards Organization Publishes New Cybersecurity Information Sharing Standards | Practical Law

The Information Sharing and Analysis Organization Standards Organization (ISAO SO) has released initial voluntary cybersecurity information sharing guidelines in response to Presidential Executive Order 13691. These guidelines provide best practices for effective information sharing and analysis related to cybersecurity risks.

ISAO Standards Organization Publishes New Cybersecurity Information Sharing Standards

by Practical Law Intellectual Property & Technology
Published on 03 Oct 2016USA (National/Federal)
The Information Sharing and Analysis Organization Standards Organization (ISAO SO) has released initial voluntary cybersecurity information sharing guidelines in response to Presidential Executive Order 13691. These guidelines provide best practices for effective information sharing and analysis related to cybersecurity risks.
On September 30, 2016, the Information Sharing and Analysis Organization Standards Organization (ISAO SO) published a set of initial voluntary cybersecurity information sharing guidelines for forming and maintaining ISAOs. This guidance, which was developed in response to Presidential Executive Order 13691, includes:
  • Guidelines for Establishing an Information Sharing and Analysis Organization. This document provides guidance on creating an ISAO, including critical considerations for building effective cybersecurity information sharing organizations.
  • Introduction to Information Sharing. This overview provides a conceptual framework for cybersecurity information sharing and addresses:
    • information sharing concepts;
    • types of cybersecurity-related information an ISAO may choose to share;
    • methods to support information sharing; and
    • privacy and information security considerations.
  • US Government Relations, Programs, and Services. This document addresses relevant cybersecurity information sharing laws and regulations within the US and includes a list of government resources available to ISAOs.
The ISAO SO also published an Introduction to ISAOs that explains the origin of the ISAO concept and outlines the scope of future guidelines and standards.
Organizations that are considering whether to create an ISAO or join an existing cybersecurity information sharing organization should review this new guidance. The ISAO SO developed its guidelines with input from a variety of industry experts and stakeholders.