Request For Comment
The request for comment period for this draft concluded on Friday, May 5, 2017. All comments were reviewed and adjudicated by working groups. Comments received after the May 5th deadline may be included in future adjudication and revision periods.
In September 2016, the Information Sharing and Analysis Organization Standards Organization published ISAO 300-1: Introduction to Information Sharing. Section 9, Information Privacy, included core and supporting principles for consideration by entities in establishing an ISAO. This document supplements that high level guidance to further assist entities as they assess the potential privacy implications of cybersecurity information sharing. It builds upon the core and supporting principles by outlining actions to promote efficient and effective information sharing while minimizing the impact on privacy interests.
This document is not intended to create baseline requirements for regulatory or enforcement action. It is consistent with the Cybersecurity Information Sharing Act of 2015 (CISA), draws upon the U.S. Departments of Homeland Security and Justice Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities, and makes additional suggestions to advance privacy and facilitate robust information sharing.
Submitted Comments
The ISAO SO invited the public to provide comments on this document from April 20, 2017 – May 5, 2017. The line reference and comment fields listed below are the exact contents as submitted by the commenter.
[table id=16 /]
