Including an overview of state laws and general legislation that can influence the roles of information sharing entities within geographical areas, the ISAO 400-1 document is designed to provide insights into the laws, initiatives and regulations nationwide that ISAOs should understand and monitor.

“When it comes to information sharing, it’s important for ISAOs to remember that there may be state and local opportunities and mandates they should learn about,” said David Turetsky, chair of the Privacy and Security Work Group and a professor of practice at the University of Albany. “This release is intended to give a few examples and help illustrate why state and local laws can matter to ISAOs.”

ISAOs and similar organizations can be a critical resource in providing cyber threat information and resilience support to states and localities. The ISAO 400-1 document encourages ISAO operational choices to engage with local, state and federal levels of government to help educate legislators about their needs and to share various forms of threat vector and cybersecurity risk information with those entities.

“With the Department of Homeland Security working hard to engage in and improve information sharing, Congress passing laws like the Cybersecurity Information Sharing Act of 2015, and the White House issuing relevant Executive Orders, ISAOs may be less focused on the activities of state and local governments. This document helps to explain and illustrate why ISAOs also need to pay attention to these other levels of government,” said Turetsky.

The ISAO 400-1 document includes insights into privacy laws, some of which have been influenced by the European Union’s General Data Protection Regulation (GDPR), among other topics of interest.

ISAO SO publications are documents authored by the ISAO SO working groups using an open and transparent consensus-driven development process. These documents focus on specific topics to meet the needs of information sharing organizations.