ISAO Standards

The ISAO 100-1: Introduction to Information Sharing and Analysis Organizations (ISAO) document serves as an introduction to the topic of ISAOs and to the series of documents developed to assist newly forming ISAOs. The establishment of ISAOs allows communities of interest to

The document ISAO 100-2: Guidelines for Establishing an Information Sharing and Analysis Organization provides a set of guidelines for establishing an ISAO. First, a set of key strategic planning factors is provided to help emerging ISAOs consider the most critical questions early

The ISAO 300-1: Introduction to Information Sharing document introduces the topic of cybersecurity information sharing. The intent is to provide a foundation for those trying to understand the basics of information sharing as it relates to Information Sharing and Analysis Organizations (ISAOs).

Comprised of technical discussions and guidelines to assist organizations implementing automated cyber threat intelligence information sharing and its use in mitigating cybersecurity risks, the ISAO 300-2 document is designed to provide an implementation guideline for automating key elements of the cyber threat

Including an overview of state laws and general legislation that can influence the roles of information sharing entities within geographical areas, the ISAO 400-1 document is designed to provide insights into the laws, initiatives and regulations nationwide that ISAOs should understand and

In February 2015, then-President Barack Obama signed Executive Order 13691, describing the critical need for cybersecurity information sharing and strongly encouraging the formation and development of Information Sharing and Analysis Organizations (ISAOs). Since the executive order was issued, a significant number of

The objective of the ISAO 600-2: U.S. Government Relations, Programs, and Services document is to identify preliminary matters of policy and principles, state and local government perspectives, and relevant federal laws regarding cybersecurity information sharing within the United States. Developing trust within

The purpose of analysis is to produce intelligence that decreases uncertainty in decision making and therefore reduces risk. The ISAO 700-1: Introduction to Analysis document provides an introduction to the information analysis process and how an Information Sharing and Analysis Organization (ISAO)

The ISAO Special Publications 1000: Forming a Tax Exempt Entity document serves as a high-level overview of tax-exempt legal entity formation options under the Internal Revenue Code (the “Code”) for Information Sharing and Analysis Organizations (ISAOs). This document does not provide an

The purpose of the ISAO Special Publication 4000: Protecting Consumer Privacy in Cybersecurity Information Sharing guide is to assist risk managers in making decisions with respect to privacy when sharing cybersecurity information. This publication builds upon the previously published basic principles by

The pervasiveness of the nation-state adversarial threat to the cybersecurity of every entity – and the challenges in mitigating such a threat with the limited resources of any single entity – drives concerned organizations to collaborate in partnerships that blend their strengths

Broadening participation in voluntary information sharing is an important goal, the success of which will fuel the creation of an increasing number of Information Sharing and Analysis Organizations (ISAOs) across a wide range of corporate, institutional and governmental sectors. While information sharing