To improve the Nation’s cybersecurity posture by identifying standards and guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents and best practices.
A more secure and resilient Nation that is connected, informed, and empowered.
What is the ISAO Standards Organization (ISAO SO)?
In October 2015, the U.S. Department of Homeland Security selected a team led by The University of Texas at San Antonio, with support from LMI and the Retail Cyber Intelligence Sharing Center (R-CISC), as its Information Sharing and Analysis Organization Standards Organization (ISAO SO) to facilitate the implementation of Presidential Executive Order 13691. The ISAO SO is a non-governmental organization.
What does the ISAO Standards Organization do?
We work with existing information sharing organizations, owners and operators of critical infrastructure, relevant agencies, and other public- and private-sector stakeholders through a voluntary consensus standards development process to identify a common set of voluntary standards for the creation and functioning of ISAOs. These standards address, but are not be limited to, contractual agreements, business processes, operating procedures, technical specifications, and privacy protections.
We are building best practices and lessons learned from existing Information Sharing and Analysis Centers and other information sharing organizations. We are developing a voluntary consensus standards development process that leverages industry, government, and academic expertise through working groups. We are also advising organizations on the creation and operation of ISAOs. In addition, the Standards Organization will collect and publish metrics reflecting the effectiveness of cybersecurity information sharing.
Why are ISAOs needed?
The establishment of ISAOs allows communities of interest to share cyber threat information with each other on a voluntary basis. ISAOs may also, if they choose, participate in existing federal cybersecurity information sharing programs, providing access to near-real-time cyber threat indicators. The goal is to create deeper and broader networks of information sharing nationally that foster the development and adoption of automated mechanisms for the sharing of information to elevate the security of the Nation.
In an effort to grow the ISAO community, the ISAO SO has been working to develop key strategic partnerships. We’re pleased to announce InfraGard as the first of these relationships.
InfraGard is a partnership between the FBI and the private sector. It is an association of people who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.
Each InfraGard Members Alliance (IMA) is geographically linked with an FBI field office, providing all stakeholders immediate access to experts from law enforcement, industry, academic institutions, and other federal, state, and local government agencies.By leveraging the talents and expertise of the InfraGard network, information is shared to mitigate threats to critical infrastructure and key resources. Collaboration and communication are the keys to protection. Providing timely and accurate information to those responsible for safeguarding our critical infrastructures, even at a local level, is paramount in the fight to protect the United States and its resources.