<div dir="ltr"><div class="gmail_default" style="font-family:comic sans ms,sans-serif;font-size:small">The USG has issued the final guidance on the <a href="https://www.congress.gov/bill/114th-congress/senate-bill/754/text" target="_blank">Cybersecurity Information Sharing Act of 2015</a> (CISA). <br></div><div class="gmail_quote"><div dir="ltr"><div style="font-family:"comic sans ms",sans-serif;font-size:small"><br></div><div style="font-family:"comic sans ms",sans-serif;font-size:small">You may recall the Act's principal objective is to create a space that encourages cybersecurity data sharing between and among businesses and governments in furtherance of timely action against cybersecurity threats.</div><div style="font-family:"comic sans ms",sans-serif;font-size:small"><br></div><div style="font-family:"comic sans ms",sans-serif;font-size:small">The Act<div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small;display:inline"> provides</div> certain protections <div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small;display:inline">to actors </div>where data sharing may violate existing laws. Protections include from civil liability, regulatory action such as anti-trust and disclosure under open government (FOIA) rules. </div><div style="font-family:"comic sans ms",sans-serif;font-size:small"><br></div><div style="font-family:"comic sans ms",sans-serif;font-size:small">The guidance paper - it is configured in four (4) sections) - is intended to assist interpretation and provides a template to <div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small;display:inline">frame</div> lawful process and action. <div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small;display:inline">T</div>he chapter on <a href="https://www.us-cert.gov/sites/default/files/ais_files/Privacy_and_Civil_Liberties_Guidelines_%28Sec%20105%28b%29%29.pdf" target="_blank">Privacy and Civil Liberties</a><div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small;display:inline"> might be of heightened interest to this WG</div><div class="gmail_default" style="font-family:"comic sans ms",sans-serif;font-size:small;display:inline">. Even as it enables federal entities to'receive, retain, use and disseminate' PII as part of the corpus of cyber threat indicators, purpose specification, data minimization and use limitation are also delineated. </div> See the entire document here:</div><div style="font-family:"comic sans ms",sans-serif;font-size:small"><br></div><div><font face="comic sans ms, sans-serif"><a href="https://www.us-cert.gov/ais" target="_blank">https://www.us-cert.gov/ais</a></font><br></div><div><font face="comic sans ms, sans-serif"><br></font></div><div><font face="comic sans ms, sans-serif">-Carlton</font></div><div><br></div><div><div data-smartmail="gmail_signature">==============================<br>Carlton A Samuels<br>Mobile: <a href="tel:876-818-1799" value="+18768181799" target="_blank">876-818-1799</a><br><i><font color="#33CC00">Strategy, Planning, Governance, Assessment & Turnaround</font></i><br>=============================</div></div>
</div>
</div><br></div>