Cybersecurity Information Sharing Act of 2015 (CISA) (Title I of the Cybersecurity Act of 2015).
This Act is designed to increase cybersecurity information sharing between the private sector and the Federal Government. The Act provides various protections to non-federal entities that share cyber threat indicators or defensive measures with the Federal Government. DHS's AIS initiative is the principal mechanism for such sharing with the Federal Government. Sharing with DHS through AIS or other DHS mechanisms that is conducted in accordance with the Act's requirements receives liability protection.
As mandated by the Act, DHS has released guidance to assist private sector and federal entities share cyber threat indicators with the Federal Government. The Department also released interim policies and procedures relating to the receipt and use of cyber threat indicators by federal entities, interim guidelines relating to privacy and civil liberties in connection with the exchange of those indicators, and guidance to federal agencies on sharing information in the government's possession:
- Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government Under the Cybersecurity Information Sharing Act of 2015
- Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures With Federal Entities Under the Cybersecurity Information Sharing Act of 2015
- Interim Procedures Related to the Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Government
- Privacy and Civil Liberties Interim Guidelines: Cybersecurity Information Sharing Act of 2015