The ISAO SO has published initial voluntary guidelines for use by emerging and established ISAOs. These publications have been developed in response to Presidential Executive Order 13691 to provide guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices.
The documents have been developed through an open, transparent consensus-based process and represent the collaboration of over 160 experts from industry, government, and academia, combined with the input and feedback of the public. The ISAO document series will continue to grow and evolve in the coming months to serve the community with additional publications. If you have any comments or suggestions relating to these documents, you may submit them using our published product comment form.
The ISAO SO has revised the initial set of voluntary guidelines to correct typographical and grammatical errors only. No content was changed in v1.01 of the documents.
This document serves as a high-level overview of tax-exempt legal entity formation options under the Internal Revenue Code (the “Code”) for Information Sharing and Analysis Organizations (ISAOs). This document does not provide an overview of other federal taxes, non-tax considerations, or state law considerations in choosing an entity type for an...Read more
The purpose for this document is assist risk managers in making decisions with respect to privacy when sharing cybersecurity information. It builds upon the previously published basic principles by outlining actions to promote efficient and effective information sharing while minimizing the impact on privacy interests. Importantly, this document reflects the contributions of industry, civil society, and the government. This document supplements ISAO 300-1 Introduction to Information Sharing...Read more
The objective of this guide is to identify preliminary matters of policy and principles, state and local government perspectives, and relevant federal laws regarding cybersecurity information sharing within the United States. Developing trust within and across an information sharing ecosystem that involves both the public and private sectors is a major consideration for all collaborating entities, particularly in the areas of information sharing and privacy, the role of government, and...Read more
The purpose of this document is to provide an introduction to cybersecurity information sharing. The intent is to provide a foundation for those trying to understand the basics of information sharing as it relates to Information Sharing and Analysis Organizations (ISAOs). This document describes a conceptual framework for information sharing, information sharing concepts, the types of cybersecurity information an organization may want to share, ways an organization can facilitate information...Read more
The purpose of this document is to provide a set of guidelines for establishing an Information Sharing and Analysis Organization (ISAO). First, a set of key strategic planning factors is provided to help emerging ISAOs consider the most critical questions early in the process. These strategic planning factors will then guide and inform consideration of a series of key operational factors. Finally, a section on building a trusted community offers a set of key considerations for establishing...Read more
This document serves as an introduction to the topic of Information Sharing and Analysis Organizations (ISAOs) and to the series of documents developed to assist newly forming ISAOs. The establishment of ISAOs allows communities of interest to share cyber threat information with each other on a voluntary basis and to then analyze the shared information to provide guidance or assistance to ISAO members. The goal is to create deeper and broader networks of information sharing to elevate the...Read more
Get Notified When Future Documents Are Released
If you would like to be notified when future published documents are released, please subscribe to the ISAO SO mailing list using the following form.