RFC Period For ISAO Certification Model Open Through January 15

The Information Sharing and Analysis Organization Standards Organization (ISAO SO) today announced a Request for Comment period for a new document titled, Solicitation for a Discussion on an ISAO Certification Model. Members of the public have until January 15, 2018 to provide comments on this draft publication released by the ISAO SO on December 1, 2017. To provide comments, click here.

ISAO SO Special Publications are documents authored by the ISAO SO working groups using an open and transparent consensus-driven development process. These documents are designed to be shorter than the ISAO SO General Publications while addressing specific topics to meet the needs of information sharing organizations.

“The goal of the ISAO SO is to identify a common set of voluntary standards for the creation and functioning of information sharing and analysis organizations,” said Dr. Gregory B. White, Executive Director, ISAO SO. “We are now soliciting the public’s feedback on the proposal for two types of voluntary certification: self and third party certification. This is designed to start a conversation on how to promote trust between information sharing entities, particularly among new and emerging ISAOs.”

The ISAO SO has published seven voluntary guideline documents since September 2016 on isao.org. These publications were developed with the support of over 160 industry experts in response to Presidential Executive Order 13691 to provide guidelines for effective information sharing and analysis related to cybersecurity risks, incidents, and best practices.