To guide you through the process of developing or enhancing an Information Sharing and Analysis Organization, the CIAS-ISAO has listed some no cost resources below for your reference.
NIST Framework
The NIST Framework is voluntary guidance, based on existing standards, guidelines and practices for organizations to better manage and reduce cybersecurity risk. Additionally, the Framework was designed to develop a shared understanding of cybersecurity risks amongst both internal and external organizational stakeholders.
NIST Publications
NIST has developed publications that support a deeper exploration of certain standardization and conformity assessment activities. These publications provide an in-depth look into their studies, compliance guides and recent standards-related activities and issues.
CISA Cybersecurity Framework
Developed to help organizations improve their cyber resilience, the CISA Cybersecurity Framework provides private and public sector guidance for all six critical infrastructure sectors. The Framework’s resources align with their five function areas: Identify, Protect, Detect, Respond and Recover.
CISA Cybersecurity Resources
CISA offers a variety of resources to share with your community, organization and stakeholders. These resources provide guidance and best practice for telecommuting; assessments, prevention and response resources; disinformation resources; and national risk management.
The CIAS-ISAO has also developed some guidance for consideration when creating your ISAO. Check back regularly as we will continue to provide new resources.
ISAO Governance
An important initial requirement for an emerging ISAO is to define a governance model that describes clearly how the ISAO will be directed and overseen. Governance refers to the process of making decisions which define the expectations, systems and management. When the ISAO is first forming, a governing body should be established and authorized to make decisions and formulate the ISAO’s organizational policies. (ISAO 100-2)
For a more in-depth look into who makes up the governing body, as well as the components and characteristics of the governance model, click here to download the CIAS-ISAO Governance document.
Cybersecurity Resources for Communities
-
CISA Cyber Resource Hub: www.cisa.gov/cyber-resource-hub
-
Free Cybersecurity Services and Tools: www.cisa.gov/free-cybersecurity-services-and-tools
-
Multi-State ISAC: www.cisecurity.org/ms-isac
-
CIAS-ISAO: https://ciasisao.org
-
Texas Department of Information Resources: https://dir.texas.gov/information-security
-
TAMU Statewide Cybersecurity Services: https://it.tamus.edu/scs/
-
Searching for an ISAC/ISAO: https://www.isao.org/new-information-sharing-groups/
-
NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
-
NIST Special Cybersecurity Publications: https://csrc.nist.gov/publications/sp800
-
CIS Critical Security Controls: https://www.cisecurity.org/controls
-
NIST SP800-171r2 Protecting CUI: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf
