The Cybersecurity Information Sharing Act of 2015 (CISA) provides limited liability protection and information disclosure protections for private-to-private and private-to-government cybersecurity information sharing. On February 16, 2016, two key U.S. agencies released a set of documents describing how CISA’s provisions are expected to work in practice. The materials released by the  Department of Homeland Security (DHS) and the Department of Justice (DOJ) include:

A Federal Register notice (currently available here for pre-publication review) from DHS is scheduled to be published on February 18, 2016.

Notably, the guidance, procedures, and guidelines are expected to influence the Information Sharing and Analysis Organizations (ISAO) standards development effort (more here). While the ISAO standards development effort is not expected to recreate the DHS-DOJ documents, best practice recommendations for ISAOs to implement and apply the newly released guidance documents, procedures, and guidelines are under consideration.

For additional information on CISA, see our past coverage available here and here.