Browse Definitions:
Definition

Cybersecurity Information Sharing Act (CISA)

Cybersecurity Information Sharing Act (CISA) is proposed legislation that will allow United States government agencies and non-government entities to share information with each other as they investigate cyberattacks. Sharing is voluntary for participating organizations outside the government.

Currently, a number of U.S. regulatory frameworks impede sharing. For example, should a hospital in the United States came under attack, hospital administrators could be prevented from sharing information with government agencies because of privacy restrictions in the Health Insurance Portability and Accountability Act (HIPAA).

Under CISA, the Director of National Intelligence and the federal departments of Homeland Security, Defense and Justice are required to work together and develop procedures for sharing cybersecurity threat information. Non-federal entities will be required to remove personal information before sharing cyber-threat indicators, and the Department of Homeland Security (DHS) will be required to conduct a privacy review of received information.

Opponents of the legislation worry that the federal government will abuse how uses the information it gathers. As of this writing, the government may only use shared information to:

  • Identify a cybersecurity purpose.
  • Identify the source of a cybersecurity threat or security vulnerability.
  • Identify cybersecurity threats involving the use of an information system by a foreign adversary or terrorist.
  • Prevent or mitigate an imminent threat of death, serious bodily harm or serious economic harm, including a terrorist act or a use of a weapon of mass destruction.
  • Prevent or mitigate a serious threat to a minor, including sexual exploitation and threats to physical safety.
  • Prevent, investigate, disrupt or prosecute an offense arising out of a threat such as serious violent felonies or relating to fraud and identity theft.

This was last updated in February 2016

Continue Reading About Cybersecurity Information Sharing Act (CISA)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...

  • risk assessment

    Risk assessment is the identification of hazards that could negatively impact an organization's ability to conduct business.

SearchSecurity

  • principle of least privilege (POLP)

    The principle of least privilege (POLP), an important concept in computer security, is the practice of limiting access rights for...

  • identity management (ID management)

    Identity management (ID management) is the organizational process for identifying, authenticating and authorizing individuals or ...

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

SearchStorage

SearchSolidStateStorage

  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.

Close