Request For Comment
The Role of Government Subgroup of Standards Working Group 6, Government Relations, has conducted its initial review of the tasks that it has been charged to perform as part of the ISAO Standards Organization’s efforts to issue guidance to existing and emerging ISAOs. The first report of the Role of Government Subgroup provides a consensus view concerning the scope, strategy, and outputs related to the role in which government agencies should participate in ISAO efforts nationally.
Although the first public comment period is now closed, we still welcome your input. While your comments may not be included in the next round of published drafts, they will be considered for future revisions.
|General||These comments were submitted by The InfraGard National Capital Region Members Alliance (INCRMA), Regulatory & Policy Working Group, whose members hail from both government and industry. The InfraGard National Capital Region Members Alliance (INCRMA) is an alliance with the FBI's Washington Field Office and individuals committed to protecting the nation's critical infrastructure. Our chapter has the same footprint as the FBI field office with which we are aligned - Washington, DC and northern Virginia. Our mission is to improve and extend information sharing between critical infrastructure stakeholders, in both the private and public sectors, with the government, particularly the FBI, to protect those infrastructure assets from physical and/or cyber attack. As a result of this exchange, timely information and intelligence is delivered, investigations are initiated and/or enhanced, vital economic and national security assets are protected, and lasting relationships are formed between law enforcement and infrastructure owners/operators.||Accepted|
|General||In addition to other partnerships, the Anti-Phishing Working Group is a great prospect. http://apwg.org/about-APWG/APWG/||Accepted|
|216||More information on the CISA protections would be highly advisable.||Accepted|
|221||Suggest the DHS AIS program be referenced separately since it is not part of the CISA description.||Accepted|
|232-237||Suggest PCII information be moved to PCI Program Information (175), since it is not part of CISA description.||Accepted|
|237||Typo in referencing the CISA||Accepted|
|238||What CISA legal protections apply to sharing cyber threat information between peer-to-peer ISAOs? Will peer-to-peer exchange have the same level of protections that ISAO to Government have, such as protection from FOIA requests and protection from civil litgation and regulatory action?||Deferred|
|238||Will the CISA protections covered all types of information exchanged, including more contextual information, i.e., where information about the threat actor and campaign is identified?||Deferred|