
New standards coming for ISAOs


A group charged with developing standards around information sharing announced Nov. 1 that it will be releasing a draft plan later this month to establish a voluntary self-certification process and criteria for Information Sharing and Analysis Organizations.

Greg White, speaking on behalf of the ISAO Standards Organization at the International Information Sharing Conference in Washington, D.C., said the plan will be released in mid-to-late November 2017. The organization is concerned that there are few, if any, standards for information sharing groups to ensure that the data they share is high quality and trustworthy.

"Right now, anybody who wants to can call themselves an [Information Sharing and Analysis Center] or an ISAO, and there's nothing stopping them," White said.

He described the plan as "skeletal" and said the organization will be looking to get feedback from the public and stakeholder organizations.

"Roughly what we imagine … is something like a self-certification [followed by] some sort of baseline certification and then potentially some additional certifications based on specific services and capabilities beyond that," White said.

He said that voluntary self-certification on its own would not do much to engender greater trust among the wider public, so the organization also floated the possibility of an additional baseline certification process conducted by an independent third party to confirm that an organization is sticking to its own stated guidelines.

"Baseline certification would be a third-party organization coming along and saying, 'Yea, verily, looks like you are indeed doing that,' and boom you get the stamp of approval," White said.

Detailed criteria for the draft plan will be drawn in part from a recently released report on foundational services and capabilities for ISAOs, and White told FCW that the group is focusing in particular on sections related to collection, analysis and dissemination of information.

The ISAO Standards Organization was established through Executive Order 13691 in 2015. Members of the organization were selected by the Department of Homeland Security to establish standards for cybersecurity information sharing organizations.

The group is made up of officials from the University of Texas at San Antonio, LMI and the Retail Cyber Intelligence Sharing Center. 

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.


