Promoting Private Sector Cybersecurity Information Sharing

Organizations must be able to share information related to cybersecurity risks and incidents and collaborate. Sharing must be conducted in a manner that protects the privacy and civil rights of individuals and perserves business confidentiality.

Information Sharing and Analysis Organizations

The Department of Homeland Security shall encourage the formation of Information Sharing and Analysis Organizations (ISAOs). ISAOs may be organzied on the basis of sector, sub-sector, region, in response to specific threats or vulnerabilities, etc. Membership to ISAOs may be drawn from public or private sector.

ISAO Standards Organization

The Department of Homeland Security will pick a Standards Organization to identify guidelines for the creating and functioning of ISAOs.

Critical Infrastructure Protection Program

The National Cybersecurity and Communications Integration Center is a critical infrastructure protection program and can entering into voluntary agreements with ISAOs.

Privacy and Civil Liberties Protections

Agencies will ensure that appropriate protections for privacy and civil liberties are incorporated into information sharing.

Last modified January 7, 2020