The US Department of Homeland Security (DHS) issued guidance to facilitate and promote timely and proper sharing of cyber threat indicators (CTIs) and defensive measures (DMs) under the Cybersecurity Information Sharing Act of 2015 (CISA), which was passed as part of the Cybersecurity Act of 2015. The DHS also released guidance about interim procedures for federal entities related to receiving cyber threat indicators and defensive measures, privacy and civil liberties, and how to assist nonfederal entities with sharing cyber threat indicators and defensive measures with federal entities.

Highlights of the guidance for sharing CTIs and DMs under CISA include the following:

  • Directing the director of national intelligence, the secretary of DHS, the secretary of defense, and the attorney general, along with the heads of appropriate federal entities to develop and promote
    • timely sharing
      • of CTIs and DMs in the possession of the federal government with representatives of relevant federal entities and nonfederal entities that have appropriate security clearances;
      • with relevant federal entities and nonfederal entities of CTIs, DMs, and information relating to cybersecurity threats or authorized uses in the possession of the federal government that may be declassified and shared at an unclassified level;
      • with relevant federal entities and nonfederal entities or the public. if appropriate, of unclassified (including controlled unclassified) CTIs and DMs in the possession of the federal government; and
      • with federal entities and nonfederal entities, if appropriate, of information relating to cybersecurity threats or authorized uses in the possession of the federal government about cybersecurity threats to such entities to prevent or mitigate adverse effects from such cybersecurity threats.
  • periodic sharing, through publication and targeted outreach, of cybersecurity best practices, with attention to accessibility and implementation challenges faced by small businesses.