DHS/CISA/PIA-029 Automated Indicator Sharing

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Office of Cybersecurity and Communications (CS&C) has developed an Automated Indicator Sharing (AIS) initiative to enable the timely exchange of cyber threat indicators and defensive measures among federal and non-federal entities. These cyber threat indicators and defensive measures are shared consistent with the need to protect information systems from cybersecurity threats, mitigate cybersecurity threats, and comply with any other applicable provisions of law authorized by the Cybersecurity Information Sharing Act of 2015 in a manner that ensures appropriate incorporation of privacy, civil liberties, and other compliance protections. Central to the AIS initiative and consistent with the requirements of the Cybersecurity Information Sharing Act of 2015, the DHS National Cybersecurity and Communications Integration Center (NCCIC) serves as the centralized hub for exchanging cybersecurity threat information using a DHS-accredited infrastructure. CISA is conducting this Privacy Impact Assessment (PIA) because personally identifiable information (PII) may be submitted as part of or accompanying a cyber threat indicator or defensive measure. This PIA updates and retires DHS/CISA/PIA-029 Automated Indicator Sharing PIA, issued October 28, 2015. March 2016

Associated SORNs

• DHS/ALL-002 Department of Homeland Security (DHS) Mailing and Other Lists System
• DHS/ALL-004 General Information Technology Access Account Records System (GITAARS)