The Cybersecurity Information Sharing Act (CISA), which was enacted into law last year, encourages reciprocal sharing of cybersecurity data breach and cyber threat information between the federal government and the private sector. CISA also includes various liability protections for non-federal entities that share information with the federal government. DHS currently uses a system called Automated Indicator Sharing (AIS) as the principal mechanism for sharing this information.
As required by CISA, the Department of Homeland Security has published four documents setting out guidelines for the law’s information-sharing mechanisms. The four required documents that the DHS has released Include:
- Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government under the Cybersecurity Information Sharing Act of 2015
- Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015
- Interim Procedures Related to the Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Government
- Privacy and Civil Liberties Interim Guidelines: Cybersecurity Information Sharing Act of 2015