ISAO 300-2: Automating Cyber Threat Intelligence Sharing

Request For Comment

The request for comment period for this draft concluded on Saturday, August 18. All comments are currently under review and adjudication by working groups. Comments received after the August 18th deadline are welcomed and may be included in future adjudication and revision periods.

The purpose of this document is to provide a description and implementation guideline for automating key elements of the cyber threat intelligence lifecycle process of collection, identification, ingesting, processing, and correlation to establish derived actions. As envisioned, the document is targeted at organizations wanting to automate and use cyber threat intelligence processes for defending their enterprise. This document is equally useful to Information Sharing and Analysis Organization (ISAO) members and the ISAOs that are participating or considering participation in automated sharing efforts.

This document comprises a technical discussion and guidelines to assist organizations implementing automated cyber threat intelligence information sharing and its utilization in mitigating cybersecurity risks. Intelligence efforts have been generally characterized as strategic, operational, or tactical. This guide is focused on the area of tactical intelligence utilization that can benefit an enterprise and is dependent on an information-sharing ecosystem that can support automated sharing of cyber threat intelligence.

Throughout the document, the terms cybersecurity information sharing and information sharing are used synonymously.

Download This Draft Document
Having trouble viewing this document?


To submit comments on this draft comment, we recommend creating an account on the website by visiting our registration page. Your information will be saved for future comment submissions. If you do not wish to create an account, you may also submit comments without registering.