There has been a lot of discussion and much concern about information sharing since the Cybersecurity Information Sharing Act (CISA) was passed in December. While the CISA and the ISAO Standards Organization (SO) efforts are not directly tied together, the two address many of the same issues. I wanted to take the time to briefly let you know how we, at the ISAO SO, see our relationship with CISA.
To begin with, we must follow the laws that are passed in relationship to information sharing, and the standards and documents we produce conform to federal laws. Having said that, the purpose of the ISAO SO has not and will not be to suggest new laws or regulations to the federal government. Our goal is to develop standards and guidelines which emerging and established ISAOs need to enhance their information sharing capabilities.
We are aware of the concerns many have about sharing personal information. We believe that careful development of standards will ensure that privacy is maintained. And we believe we can have a positive influence on federal legislation related to information sharing and privacy. We have chartered a working group specifically to sort through privacy issues and concerns to make sure we appropriately consider the implications of information privacy and security.
So, for those of you who are concerned about this topic, let me invite you to become part of the process by participating in the working groups that are creating ISAO standards, attending our open forums, and answering the calls for public comment when they are extended. Help us make sure that these standards are developed correctly.