The Department of Homeland Security (DHS) and the Department of Justice (DOJ) have issued the long-awaited final procedures for both Federal and Non-Federal Entities under the Cybersecurity Information Sharing Act (CISA) (“Final Procedures”) that provide information on how DHS will implement CISA. In addition to the Final Procedures, the agencies also released “Guidance to Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015” (the “Guidance”).
As we have written previously, a company may share cyber threat indicators (CTIs) and defensive measures (DMs) for cybersecurity purposes “notwithstanding any other provision of law,” and receive certain liability protections for sharing in accordance with the Act. The Final Procedures and the Guidance are finalized versions of interim guidance previously discussed. Any decision to share information under CISA is complex and involves factual and legal determinations.
Read on to find out what CTIs and DMs are, and information on the procedures companies must follow to obtain liability protection for sharing CTIs and DMs with the Federal Government. Continue Reading “Interim” No More: DHS and DOJ Publish Final CISA Guidance on Cybersecurity Sharing