The Information Sharing and Analysis Organization Standards Organization (ISAO SO) today announced a second Request for Comment period for ISAO 200-1: Foundational Services and Capabilities. Members of the public have until March 28, 2018 to provide comments on this second draft publication released by the ISAO SO on March 14, 2018. To provide comments, click here.
Building a new Information Sharing and Analysis Organization (ISAO) can be very challenging. There are multiple complexities to overcome before the ISAO can become operational. Many of these challenges were addressed in ISAO 100-2: Guidelines for Establishing an Information Sharing and Analysis Organization, which introduced an initial set of guidelines for establishing an ISAO, with the purpose of providing guidance to those looking to establish an ISAO or to those newly formed ISAOs. The 100-2 document introduced a list of several services and capabilities, which were categorized into Foundational, Advanced, and Unique. The Capabilities and Services Working Group (WG2) felt that it would be beneficial to go into more detail about those services and capabilities outlined in Appendix A of ISAO 100-2. The outcome of this new document is to assist ISAOs in providing immediate value to their membership.
The ISAO SO has published seven voluntary guideline documents since September 2016 on ISAO.org. These publications were developed with the support of over 160 industry experts in response to Presidential Executive Order 13691 to provide guidelines for effective information sharing and analysis related to cybersecurity risks, incidents, and best practices.