ISAO Capabilities and Categories v0.2 (SWG2)

Request For Comment

The request for comment period for this draft concluded on Friday, June 17, 2016. All comments were reviewed and adjudicated by working groups. Comments received after the June 17 deadline may be included in future adjudication and revision periods.

This document presents proposed draft information designed to assist ISAOs with capabilities to consider as they become part of a national ecosystem of cyber information sharing and analysis. ISAOs may develop in many different ways, and each may choose different capabilities driven by the needs of their members. The goal is to offer some prospective choices, options, and ideas regarding capabilities that may prove beneficial in serving members and addressing their particular threat and vulnerability environments. All content is voluntary, and the specific capabilities that any ISAO chooses to implement are determined by the nature of the particular ISAO itself and driven by its own perception of member needs.

Download This Draft Document
Having trouble viewing this document?

Submitted Comments

The ISAO SO invited the public to provide comments on this document from May 3 – June 17, 2016. The line reference and comment fields listed below are the exact contents as submitted by the commenter.

Line ReferenceCommentDisposition
GeneralThese comments were submitted by The InfraGard National Capital Region Members Alliance (INCRMA), Regulatory & Policy Working Group, whose members hail from both government and industry. The InfraGard National Capital Region Members Alliance (INCRMA) is an alliance with the FBI's Washington Field Office and individuals committed to protecting the nation's critical infrastructure. Our chapter has the same footprint as the FBI field office with which we are aligned - Washington, DC and northern Virginia. Our mission is to improve and extend information sharing between critical infrastructure stakeholders, in both the private and public sectors, with the government, particularly the FBI, to protect those infrastructure assets from physical and/or cyber attack. As a result of this exchange, timely information and intelligence is delivered, investigations are initiated and/or enhanced, vital economic and national security assets are protected, and lasting relationships are formed between law enforcement and infrastructure owners/operators.Rejected
21, 28Wouldn't the NIST Cybersecurity Framework (CSF) be an applicable framework to define the ISAO's foundational and additional capabilities as well as the maturity of the infrastructure needed to ingest actionable cyber threat information?Under Review
107What is the process for vetting ISAO members? Who is responsible for assuring vetting is properly performed? Will the vetting process apply across all ISAO industries?Accepted
145Although the list of categories if ISAO is non-exhaustive and illustrative only, it fails to acknowledge a category of ISAO that will be fundamentally different from all other ISAOs - single company, for profit ISAOs that share information with their customers through products and services. This type of ISAO should be explicitly recognized either as a separate ISAO category or explicitly mentioned under the industry and sector based grouping.Accepted