The March 4, 2015 Federal Register Notice announcing the March 18th ISAO/ISAC Summit indicated that there was an open comment period through April 19th. The Internet Security Alliance (ISA) appreciates the opportunity to offer our comments as our preliminary input and initial contributions to the ISAO discussion in addition to the statement for the public record ISA made at March 18th open meeting.
For purposes of clarity, ISA does not intend to become an ISAO, and while we are open to and look forward to working with other organizations who may become the prime contractor as the standards organization that will identify the best practices for ISAOs, ISA does not expect to be that primary contractor.
Instead ISA’s comments are as an interested and very supportive part of the ISAO process. Indeed, many of the core aspects of the ISAO proposal including branching out of the traditional sector ISAC model and greater access to more actionable information by smaller players, were first advocated by the ISA in our Cyber Security Social Contract (2008) and referenced extensively in President Obama’s “Cyber Space Policy Review (2009). ISA anticipates contributing further as the Standards Organization begins its work and at that time will weigh in on the standards themselves. (Click the link to read the whole filing)