Cybersecurity

New standards coming for ISAOs

Shutterstock image. 

A group charged with developing standards around information sharing announced Nov. 1 that it will be releasing a draft plan later this month to establish a voluntary self-certification process and criteria for Information Sharing and Analysis Organizations.

Greg White, speaking on behalf of the ISAO Standards Organization at the International Information Sharing Conference in Washington, D.C., said the plan will be released in mid-to-late November 2017. The organization is concerned that there are little to no standards for information sharing groups to ensure that the data they are sharing is high quality and trustworthy.

"Right now, anybody who wants to can call themselves an [Information Sharing and Analysis Center] or an ISAO, and there's nothing stopping them," White said.

He described the plan as "skeletal" and said the organization will be looking to get feedback from the public and stakeholder organizations.

"Roughly what we imagine … is something like a self-certification [followed by] some sort of baseline certification and then potentially some additional certifications based on specific services and capabilities beyond that," White said.

He said that voluntary self-certification on its own would not do much to engender greater trust among the wider public, so the organization also floated the possibility of an additional baseline certification process conducted by an independent third party to confirm that an organization is sticking to its own stated guidelines.

"Baseline certification would be a third-party organization coming along and saying, 'Yea, verily, looks like you are indeed doing that,' and boom you get the stamp of approval," White said.

Detailed criteria for the draft plan will be drawn in part from a recently released report on foundational services and capabilities for ISAOs, and White told FCW that the group is focusing in particular on sections related to collection, analysis and dissemination of information.

The ISAO Standards Organization was established through the 2015 executive order 13691. Members of the organization were selected by the Department of Homeland Security to establish standards for cybersecurity information sharing organizations.

The group is made up of officials from the University of Texas at San Antonio, LMI and the Retail Cyber Intelligence Sharing Center. 

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.