The Information Sharing and Analysis Organization (ISAO) Standards Organization announced today that the publication ISAO 400-1: Emerging State and Local Cybersecurity Laws and Regulations Impacting Information Sharing is now available and free to download here.
Including an overview of state laws and general legislation that can influence the roles of information sharing entities within geographical areas, the ISAO 400-1 document is designed to provide insights into the laws, initiatives and regulations nationwide that ISAOs should understand and monitor.
“When it comes to information sharing, it’s important for ISAOs to remember that there may be state and local opportunities and mandates they should learn about,” said David Turetsky, chair of the Privacy and Security Work Group and a professor of practice at the University of Albany. “This release is intended to give a few examples and help illustrate why state and local laws can matter to ISAOs.”
ISAOs and similar organizations can be a critical resource in providing cyber threat information and resilience support to states and localities. The ISAO 400-1 document encourages ISAO operational choices to engage with local, state and federal levels of government to help educate legislators about their needs and to share various forms of threat vector and cybersecurity risk information with those entities.
“With the Department of Homeland Security working hard to engage in and improve information sharing, Congress passing laws like the Cybersecurity Information Sharing Act of 2015, and the White House issuing relevant Executive Orders, ISAOs may be less focused on the activities of state and local governments. This document helps to explain and illustrate why ISAOs also need to pay attention to these other levels of government,” said Turetsky.
The ISAO 400-1 document includes insights into privacy laws, some of which have been influenced by the European Union’s General Data Protection Regulation (GDPR), among other topics of interest.
ISAO SO publications are documents authored by the ISAO SO working groups using an open and transparent consensus-driven development process. These documents focus on specific topics to meet the needs of information sharing organizations.
The ISAO SO has published 12 voluntary guideline documents since September 2016 on ISAO.org. These publications, including the ISAO 400-1 document, were developed with the support of over 160 industry experts in response to Presidential Executive Order 13691 to provide guidelines for effective information sharing and analysis related to cybersecurity risks, incidents and best practices.
“This document, written and supported by volunteers within the ISAO community, is designed to start a conversation on this changing environment and how ISAOs and communities can engage to create a more secure nation,” said Dr. Greg White, executive director of the ISAO SO.
Provide Feedback
Although the official comment period ended, the ISAO Standards Organization is still accepting comments on the website to be included in future adjudication and revisions of this document. If you have any comments or suggestions relating to this document, you may submit them using our published product comment form.
CLICK HERE to provide feedback on this document.