Cybersecurity

New standards coming for ISAOs

Shutterstock image. 

A group charged with developing standards around information sharing announced Nov. 1 that it will be releasing a draft plan later this month to establish a voluntary self-certification process and criteria for Information Sharing and Analysis Organizations.

Greg White, speaking on behalf of the ISAO Standards Organization at the International Information Sharing Conference in Washington, D.C., said the plan will be released in mid-to-late November 2017. The organization is concerned that there are little to no standards for information sharing groups to ensure that the data they are sharing is high quality and trustworthy.

"Right now, anybody who wants to can call themselves an [Information Sharing and Analysis Center] or an ISAO, and there's nothing stopping them," White said.

He described the plan as "skeletal" and said the organization will be looking to get feedback from the public and stakeholder organizations.

"Roughly what we imagine … is something like a self-certification [followed by] some sort of baseline certification and then potentially some additional certifications based on specific services and capabilities beyond that," White said.

He said that voluntary self-certification on its own would not do much to engender greater trust among the wider public, so the organization also floated the possibility of an additional baseline certification process conducted by an independent third party to confirm that an organization is sticking to its own stated guidelines.

"Baseline certification would be a third-party organization coming along and saying, 'Yea, verily, looks like you are indeed doing that,' and boom you get the stamp of approval," White said.

Detailed criteria for the draft plan will be drawn in part from a recently released report on foundational services and capabilities for ISAOs, and White told FCW that the group is focusing in particular on sections related to collection, analysis and dissemination of information.

The ISAO Standards Organization was established through the 2015 executive order 13691. Members of the organization were selected by the Department of Homeland Security to establish standards for cybersecurity information sharing organizations.

The group is made up of officials from the University of Texas at San Antonio, LMI and the Retail Cyber Intelligence Sharing Center. 

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.