RFC Open for ISAO 600-1: A Framework for State-Level Information Sharing and Analysis Organizations

Request for Comment: Open April 17, 2018 – May 17, 2018

The Information Sharing and Analysis Organization Standards Organization (ISAO SO) has announced a request for comment period for a new document titled ISAO 600-1: A Framework for State-Level Information Sharing and Analysis Organizations. Members of the public have until midnight on May 17, 2018 to provide comments on this draft publication released by the ISAO SO on April 17, 2018.

To download the draft document and provide comments, please visit the 600-1 Request for Comment page.

In February 2015, then-President Barack Obama signed Executive Order 13691, describing the critical need for cybersecurity information sharing and strongly encouraging the formation and development of Information Sharing and Analysis Organizations (ISAOs).

In the three full years since the executive order was issued, a significant number of public and private organizations have responded to this national imperative and have begun to share cybersecurity threat information, improve collective understanding of the threat environment, increase security and preparedness, and collaborate on best practices. This cohesive public and private community-based cooperation has enabled ISAO members and partners to become stronger, safer, and more resilient.

Information sharing at the state, local, tribal, and territorial (SLTT) level has similar manifest value and should be targeted for expansion. Many private and governmental entities, however, have not yet undertaken effective cybersecurity threat information sharing, some out of reluctance, others for lack of knowledge. Accordingly, this primer provides a resource for facilitating effective cybersecurity sharing and analysis within states for those already participating in the arena and for those who should be. The matters presented in the draft document include the following:

  • A business case for SLTT information sharing
  • The identification of state-level stakeholders
  • Potential organizational models for the governance and administration of a state-level information-sharing program
  • Discussion of various relevant state-level services and capabilities
  • A framework for state-level partnerships and coordination between states
  • Identification of potential sources of funding
  • Public and private partnership mutual advantages in collaboration.

The ISAO SO has published seven voluntary guideline documents since September 2016 on isao.org with several other documents currently in development to be published this year. These publications were developed with the support of industry experts across all sectors in response to Presidential Executive Order 13691 to provide guidelines for effective information sharing an analysis related to cybersecurity risks, incidents, and best practices.