Today the Department of Homeland Security published a
request for comments in the Federal Register (81 FR
29289-29290) for a series of draft documents published by the
Information Sharing and Analysis Organization (ISAO) Standards Organization
(SO). The ISAO SO was established by EO
13691 to aid in the establishment of industry
ISAOs.
The Documents
The ISAO SO has published a draft of nine documents that are
intended to help standardize the establishment and operation of cybersecurity
ISAOs. These documents include:
• Privacy;
• Security;
The links provided above go to a landing page for the
particular documents. That page includes a link to the actual .PDF draft
documents. For people who are not registered with the ISAO (very simple,
minimal information registration) the page also provides a link to submit comments
about that particular document on-line. For ISAO SO registered personnel, the
page includes a direct method of submitting comments on-line.
Cybersecurity-Related Information Sharing Guidelines
I am not going to do a detailed review of any of these
documents in this post, but I will use what I consider (from my point of view)
to be the core document to look at what these documents generally look like and
what the ISAO SO is trying to accomplish with this request for information.
The document starts out with a typical executive summary.
Included in this draft is an interesting section entitled ‘Note to Reviewers’.
This is a comment from the crafters of the document explaining how the document
is organized and listing a general overview of comments that the crafters are
looking for on the presentation of the information and the level of detail
included in the presentation. Needless to say, this section will not be
included in the final document.
The next section of the document is ‘Objectives’. This helps
to explain both the objective of the document and the ISAO with regards to the
topic. It is made clear that the document is not prescriptive but conceptual
and is meant to illustrate options.
We then get into the meat of the document. In this case it
includes sections on:
• Supporting cybersecurity risk and
incident management;
• ISAO information sharing value proposition
and policies;
• Categories of information an ISAO
may want to share;
• Collection, dissemination and analysis—functional
decomposition;
• Applying shared information; and
• Architectural considerations.
Crafters of the document include additional ‘Note to
Reviewers’ sections within the document. Again this is done to clarify
editorial decisions and to request specific feedback from commenters.
Public Comments
DHS and the ISAO SO are requesting public feedback on this
series of draft documents. As I noted earlier, each document landing page
includes provisions for submission of comments on-line from that landing page.
For more general comments about the program or the need for additional
documents, commenters may use the Federal eRulemaking Portal (www.Regulations.gov; Docket # DHS-2015-0017).
Comments should be submitted by June 17th, 2016.