Browse Definitions :
Definition

Cybersecurity Information Sharing Act (CISA)

Cybersecurity Information Sharing Act (CISA) is proposed legislation that will allow United States government agencies and non-government entities to share information with each other as they investigate cyberattacks. Sharing is voluntary for participating organizations outside the government.

Currently, a number of U.S. regulatory frameworks impede sharing. For example, should a hospital in the United States came under attack, hospital administrators could be prevented from sharing information with government agencies because of privacy restrictions in the Health Insurance Portability and Accountability Act (HIPAA).

Under CISA, the Director of National Intelligence and the federal departments of Homeland Security, Defense and Justice are required to work together and develop procedures for sharing cybersecurity threat information. Non-federal entities will be required to remove personal information before sharing cyber-threat indicators, and the Department of Homeland Security (DHS) will be required to conduct a privacy review of received information.

Opponents of the legislation worry that the federal government will abuse how uses the information it gathers. As of this writing, the government may only use shared information to:

  • Identify a cybersecurity purpose.
  • Identify the source of a cybersecurity threat or security vulnerability.
  • Identify cybersecurity threats involving the use of an information system by a foreign adversary or terrorist.
  • Prevent or mitigate an imminent threat of death, serious bodily harm or serious economic harm, including a terrorist act or a use of a weapon of mass destruction.
  • Prevent or mitigate a serious threat to a minor, including sexual exploitation and threats to physical safety.
  • Prevent, investigate, disrupt or prosecute an offense arising out of a threat such as serious violent felonies or relating to fraud and identity theft.

This was last updated in February 2016

Continue Reading About Cybersecurity Information Sharing Act (CISA)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

SearchSecurity

  • Transport Layer Security (TLS)

    Transport Layer Security (TLS) is a protocol that provides authentication, privacy, and data integrity between two communicating ...

  • van Eck phreaking

    Van Eck phreaking is a form of electronic eavesdropping that reverse engineers the electromagnetic fields (EM fields) produced by...

  • zero-trust model (zero trust network)

    The zero trust model is a security model used by IT professionals that requires strict identity and device verification ...

SearchHealthIT

SearchDisasterRecovery

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

  • business continuity software

    Business continuity software is an application or suite designed to make business continuity planning/business continuity ...

  • business continuity policy

    Business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk ...

SearchStorage

  • solid-state storage

    Solid-state storage (SSS) is a type of computer storage media made from silicon microchips. SSS stores data electronically ...

  • persistent storage

    Persistent storage is any data storage device that retains data after power to that device is shut off. It is also sometimes ...

  • computational storage

    Computational storage is an information technology (IT) architecture in which data is processed at the storage device level to ...

Close