Guidance on Cybersecurity Information Sharing Act
The USG has issued the final guidance on the Cybersecurity Information Sharing Act of 2015 <https://www.congress.gov/bill/114th-congress/senate-bill/754/text> (CISA). You may recall the Act's principal objective is to create a space that encourages cybersecurity data sharing between and among businesses and governments in furtherance of timely action against cybersecurity threats. The Act provides certain protections to actors where data sharing may violate existing laws. Protections include from civil liability, regulatory action such as anti-trust and disclosure under open government (FOIA) rules. The guidance paper - it is configured in four (4) sections) - is intended to assist interpretation and provides a template to frame lawful process and action. T he chapter on Privacy and Civil Liberties <https://www.us-cert.gov/sites/default/files/ais_files/Privacy_and_Civil_Libe...> might be of heightened interest to this WG . Even as it enables federal entities to'receive, retain, use and disseminate' PII as part of the corpus of cyber threat indicators, purpose specification, data minimization and use limitation are also delineated. See the entire document here: https://www.us-cert.gov/ais -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
participants (1)
-
Carlton Samuels