ISAO SP-4000: Guiding Practices to Advance Consumer Privacy in Cybersecurity Information Sharing v0.01

Request For Comment

The request for comment period for this draft concluded on Friday, May 5. All comments are currently under review and adjudication by working groups. Comments received after the May 5th deadline are welcomed and may be included in future adjudication and revision periods.

In September 2016, the Information Sharing and Analysis Organization Standards Organization published ISAO 300-1: Introduction to Information Sharing. Section 9, Information Privacy, included core and supporting principles for consideration by entities in establishing an ISAO. This document supplements that high level guidance to further assist entities as they assess the potential privacy implications of cybersecurity information sharing. It builds upon the core and supporting principles by outlining actions to promote efficient and effective information sharing while minimizing the impact on privacy interests.

This document is not intended to create baseline requirements for regulatory or enforcement action. It is consistent with the Cybersecurity Information Sharing Act of 2015 (CISA), draws upon the U.S. Departments of Homeland Security and Justice Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities, and makes additional suggestions to advance privacy and facilitate robust information sharing.

Download This Draft Document
Having trouble viewing this document?


To provide comments, please first login and then use the comments form provided to submit feedback. If you are not a registered user, we recommend registering on our website before submitting draft comments in order to save your contact information for future use.

Register On Our Website

If you would like to submit comments without registering, please use the following link:

Submit Comments Without Registering