The ISAO SO has published initial voluntary guidelines for use and implementation by emerging and established ISAOs. These publications have been developed in response to Presidential Executive Order 13691 to provide guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices.
The documents have been developed through an open, transparent consensus-based process and represent the collaboration of over 160 experts from industry, government, and academia, combined with the input and feedback of the public. The ISAO document series will continue to grow and evolve in the coming months to serve the community with additional publications. If you have any comments or suggestions relating to these documents, you may submit them using our published product comment form.
The ISAO SO has revised the initial set of voluntary guidelines to correct typographical and grammatical errors only. No content was changed in v1.01 of the documents.
This document serves as an introduction to the topic of Information Sharing and Analysis Organizations (ISAOs) and to the series of documents developed to assist newly forming ISAOs. The establishment of ISAOs allows communities of interest to share cyber threat information with each other on a voluntary basis and to then analyze the shared information to provide guidance or assistance to ISAO members. The goal is to create deeper and broader networks of information sharing to elevate the security of the nation and those entities participating in ISAOs.
The purpose of this document is to provide a set of guidelines for establishing an Information Sharing and Analysis Organization (ISAO). First, a set of key strategic planning factors is provided to help emerging ISAOs consider the most critical questions early in the process. These strategic planning factors will then guide and inform consideration of a series of key operational factors. Finally, a section on building a trusted community offers a set of key considerations for establishing trust. Trust is critical to establishing a successful ISAO with active participation and cybersecurity information sharing among members.
This document is intended to assist ISAOs by providing an in-depth review of the foundational services and capabilities an ISAO could choose to provide to its members, including collection and dissemination, facilitating member sharing, analyzing information, and surveying members. This gives ISAOs a better understanding of how they can operationalize the technical, analytical, and personnel capabilities that are built around their services to better meet the needs of their members.
The purpose of this document is to provide an introduction to cybersecurity information sharing. The intent is to provide a foundation for those trying to understand the basics of information sharing as it relates to Information Sharing and Analysis Organizations (ISAOs). This document describes a conceptual framework for information sharing, information sharing concepts, the types of cybersecurity information an organization may want to share, ways an organization can facilitate information sharing, as well as privacy and security concerns to be considered.
In the three full years since the executive order was issued, a significant number of public and private organizations have responded to this national imperative and have begun to share cybersecurity threat information, improve collective understanding of the threat environment, increase security and preparedness, and collaborate on best practices. This cohesive public and private community-based cooperation has enabled ISAO members and partners to become stronger, safer, and more resilient.
The objective of this guide is to identify preliminary matters of policy and principles, state and local government perspectives, and relevant federal laws regarding cybersecurity information sharing within the United States. Developing trust within and across an information sharing ecosystem that involves both the public and private sectors is a major consideration for all collaborating entities, particularly in the areas of information sharing and privacy, the role of government, and national security.
This document provides an introduction to the information analysis process and how an Information Sharing and Analysis Organization (ISAO) can use it to identify, define, and mitigate cyber-security threats. It is the authors’ intent to provide organizations a general understanding of the tools and processes needed for an analysis team to create cybersecurity information and intelligence within their ISAOs.
This document serves as a high-level overview of tax-exempt legal entity formation options under the Internal Revenue Code (the “Code”) for Information Sharing and Analysis Organizations (ISAOs). This document does not provide an overview of other federal taxes, non-tax considerations, or state law considerations in choosing an entity type for an ISAO.
The purpose for this document is assist risk managers in making decisions with respect to privacy when sharing cybersecurity information. It builds upon the previously published basic principles by outlining actions to promote efficient and effective information sharing while minimizing the impact on privacy interests. Importantly, this document reflects the contributions of industry, civil society, and the government. This document supplements ISAO 300-1 Introduction to Information Sharing, Section 9 Information Privacy.
The purpose of this publication is to describe the need for a public-private engagement framework from the private sector perspective. It also attempts to outline where the cybersecurity information sharing interests of public and private organizations converge and where each can enable the other in assisting their members.
With the growth of the ISAO movement, it is possible that joint private-public information exchange as contemplated under CISA will result in expanded liability protection and government policy that favors cooperation over an enforcement mentality. To aid in that decision making, we have set forth a compilation of frequently asked questions and related guidance that might shed light on evaluating the potential risks and rewards of information sharing and the development of policies and procedures to succeed in it.
Comprised of technical discussions and guidelines to assist organizations implementing automated cyber threat intelligence information sharing and its use in mitigating cybersecurity risks, the ISAO 300-2 document is designed to provide an implementation guideline for automating key elements of the cyber threat intelligence life cycle.