In February 2015, President Obama signed Executive Order 13691: Promoting Private Sector Cybersecurity Information Sharing. The order encouraged the development of Information Sharing and Analysis Organizations (ISAOs) to improve our nation’s cybersecurity posture against the rapidly expanding set of cybersecurity threats. To implement that mandate, in October 2015, the University of Texas at San Antonio joined forces with LMI, a nonprofit government consulting firm, and the Retail Cyber Intelligence Sharing Center to form the Information Sharing and Analysis Organization Standards Organization (ISAO SO). The mission of the ISAO SO is to improve the nation’s cybersecurity posture by identifying standards and guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices. ISAO SO published its first set of guidelines for ISAOs on September 30, 2016. A summary and link to the guidelines are below.
The ISAO SO has published initial voluntary guidelines for use by emerging and established ISAOs. These publications have been developed in response to Presidential Executive Order 13691 to provide guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices. The documents have been developed through an open, transparent consensus-based process and represent the collaboration of over 160 experts from industry, government, and academia