Cybersecurity

New standards coming for ISAOs

A group charged with developing standards around information sharing announced Nov. 1 that it will be releasing a draft plan later this month to establish a voluntary self-certification process and criteria for Information Sharing and Analysis Organizations.

Greg White, speaking on behalf of the ISAO Standards Organization at the International Information Sharing Conference in Washington, D.C., said the plan will be released in mid-to-late November 2017. The organization is concerned that there are few to no standards for information sharing groups to ensure that the data they are sharing is high quality and trustworthy.

"Right now, anybody who wants to can call themselves an [Information Sharing and Analysis Center] or an ISAO, and there's nothing stopping them," White said.

He described the plan as "skeletal" and said the organization will be looking to get feedback from the public and stakeholder organizations.

"Roughly what we imagine … is something like a self-certification [followed by] some sort of baseline certification and then potentially some additional certifications based on specific services and capabilities beyond that," White said.

He said that voluntary self-certification on its own would not do much to engender greater trust among the wider public, so the organization also floated the possibility of an additional baseline certification process conducted by an independent third party to confirm that an organization is sticking to its own stated guidelines.

"Baseline certification would be a third-party organization coming along and saying, 'Yea, verily, looks like you are indeed doing that,' and boom you get the stamp of approval," White said.

Detailed criteria for the draft plan will be drawn in part from a recently released report on foundational services and capabilities for ISAOs, and White told FCW that the group is focusing in particular on sections related to collection, analysis and dissemination of information.

The ISAO Standards Organization was established through Executive Order 13691 in 2015. Members of the organization were selected by the Department of Homeland Security to establish standards for cybersecurity information sharing organizations.

The group is made up of officials from the University of Texas at San Antonio, LMI and the Retail Cyber Intelligence Sharing Center. 

About the Author

Derek B. Johnson is a former senior staff writer at FCW.
