Hogan Lovells 2024 Election Impact and Congressional Outlook Report
The Cybersecurity Information Sharing Act of 2015 (CISA) provides limited liability protection and information disclosure protections for private-to-private and private-to-government cybersecurity information sharing.
On February 16, 2016, two key U.S. agencies released a set of documents describing how CISA’s provisions are expected to work in practice. The materials released by the Department of Homeland Security (DHS) and the Department of Justice (DOJ) include:
Guidance for non-Federal (mostly, private-sector) entities on the sharing of cyber threat indicators and defensive measures;
Guidance for Federal entities on the sharing of cyber threat indicators and defensive measures;
Interim procedures related to the receipt of such information by the federal government; and
A Federal Register notice (currently available here for pre-publication review) from DHS is scheduled to be published on February 18, 2016.
Notably, the guidance, procedures, and guidelines are expected to influence the Information Sharing and Analysis Organizations (ISAO) standards development effort (more here). While the ISAO standards development effort is not expected to recreate the DHS-DOJ documents, best practice recommendations for ISAOs to implement and apply the newly released guidance documents, procedures, and guidelines are under consideration.
For additional information on CISA, see our past coverage available here and here.
Authored by Allison Bender