What is the Cybersecurity Information Sharing Act (CISA)?
The Cybersecurity Information Sharing Act (CISA) is a U.S. law enacted in 2015 to improve cybersecurity in the U.S. through enhanced sharing of information about cybersecurity threats. It allows U.S. government agencies and non-government entities to share information with each other in order to investigate cyberattacks. Without CISA, companies under attack might be prohibited (e.g., a hospital blocked by HIPAA) from sharing information with the government for purposes of countering the threat. Before sharing cyber-threat indicators, non-government entities must remove personal information.