Yesterday, the Department of Homeland Security (“DHS”) and Department of Justice released final guidance as required by Title I of the Cybersecurity Act of 2015 (“CISA”), which was enacted into law this past December. The guidance was prepared in consultation with several additional federal agencies, and includes four separate documents. We summarize each of the guidance documents below.
The first document (“sharing guidance”) provides guidance for non-federal entities (including state governments) that elect to share cybersecurity information with the federal government under CISA. It summarizes the sharing authorized by CISA as follows: “Effectively, the only information that can be shared under the Act is information that is directly related to and necessary to identify or describe a cybersecurity threat.” But it also notes that “otherwise conflicting laws, including privacy laws, do not restrict sharing or any other action undertaken pursuant to CISA,” consistent with the language of Section 104(c) of CISA, which permits such sharing “notwithstanding any other provision of law.”
Continue Reading Federal Government Releases Final Guidance on CISA