The Information Sharing and Analysis Organization (ISAO) Standards Organization (SO) is seeking participants and information to assist in the development of standards for ISAOs.
On February 20, 2015, President Obama issued Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing, to foster information sharing about cybersecurity risks and incidents among private-sector entities and the federal government. The order called for the U.S. Department of Homeland Security (DHS) to select through an open and competitive process a standards organization (SO) to identify a common set of voluntary standards or guidelines for the creation and functioning of ISAOs. Following a notice of funding opportunity announcement, the role of SO was awarded by DHS to the University of Texas at San Antonio (UTSA) with support from the Logistics Management Institute (LMI) and the Retail Cyber Intelligence Sharing Center (R-CISC). A first public meeting of the SO was held on November 9 in Tysons, Virginia, following similar events held earlier by DHS.
On December 7, the SO sent out a data call requesting by December 31, specific best practices, documents, and templates that can be used by entities that are forming ISAOs. In addition, the SO is soliciting volunteers by December 15 to populate six initial standards working groups that will help develop the principles, policies, processes, standards, guidelines, and templates to promote effective cybersecurity information sharing. Volunteer applications and data call inputs sent after these dates are still welcome, but submissions by the requested dates will facilitate timely stand-up and activation of the new working groups. A second public meeting of the SO is scheduled to be held on the campus of UTSA on February 9, 2016.
Questions or comments should be directed to ISAO@lmi.org.