The Government Accountability Office (GAO) issued a report Thursday highlighting the success of several Federal agencies in keeping information secure and private while sharing cyber threat indicators as part of the Cybersecurity Information Sharing Act of 2015 (CISA).
The law requires policies including those dealing with privacy and civil liberties guidance, and appropriate security and privacy protections while building a real-time threat-data sharing capability. GAO’s audit focused on the government-wide policies for sharing threat information developed by the Department of Homeland Security, the Department of Justice, the Department of Defense, the Department of Commerce, the Department of Energy, the Treasury, and the Office of the Director of National Intelligence to ensure compliance.
“The seven designated federal agencies developed policies, procedures, and guidelines that met the eight CISA provisions relevant to the removal of personal information from cyber threat indicators and defensive measures,” GAO said in its report.
Through six policies around threat sharing, the departments worked together to satisfy eight main provisions of CISA, ensuring that privacy and civil liberty concerns were met, according to GAO’s report.
GAO often makes news with reports that are critical of agency functions, but with GAO’s findings on the positive side, the agencies reviewed had no disagreements to offer, and provided only offered technical comments about GAO’s conclusions.