The federal government is stepping aside and letting the private sector lead the way in creating standards for cyber threat information sharing and analysis organizations, similarly to how they developed their cybersecurity framework.
According to Andy Ozment, Homeland Security assistant secretary for cybersecurity and communications, the ISAO standards “won’t look exactly like the effort to develop the cybersecurity framework, but it won’t be dramatically different, either. To get ISAOs operational, DHS is holding “competitions to select private-sector groups known as ISAO standards organizations to develop the guidelines for the creation and operations of ISAOs.”
Ozment says that the government will make suggestions for the guidelines but “ultimately it will be up to the private sector to say, ‘These are the practices that we think matter most that constitute an effective ISAO.'”