Report | Jan. 24, 2022

Unclassified Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015, AUD-2021-002-U

Audit

Publicly Released: January 21, 2022

On December 18, 2015, Congress passed Public Law 114-113, the Consolidated Appropriations Act, 2016, which includes Title I – the Cybersecurity Information Sharing Act of 2015 (the Act). The Act creates a framework to facilitate and promote voluntary sharing of cyber threat indicators (CTIs) and defensive measures (DMs) among and between Federal and non-Federal entities.

The Act requires the Inspectors General of the “appropriate Federal entities,” defined as the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and the Treasury, and the Office of the Director of National Intelligence (ODNI), “in consultation with the Inspector General of the Intelligence Community and the Council of Inspectors General on Financial Oversight,” to jointly report to Congress by December 18—every two years—on the actions taken over the most recent two-year period to carry out the Act. This report meets the joint, biennial reporting requirement.

The OIGs determined that CTI and DM sharing has improved over the past two years, and efforts are underway to expand accessibility to information. Sharing CTIs and DMs increases the amount of information available for defending systems and networks against cyber attacks.

Click here to view the report.