PRIA Logo
Take the PRIA Score
Title 6Domestic SecurityRelease 119-73

§1502 Sharing of information by the Federal Government

Title 6 › Chapter CHAPTER 6— - CYBERSECURITY › Subchapter SUBCHAPTER I— - CYBERSECURITY INFORMATION SHARING › § 1502

Last updated Apr 6, 2026|Official source

Summary

Top U.S. intelligence and security leaders must make rules, with help from other agency heads, to speed up and guide how the federal government shares cyber threat information. They must do this while protecting classified secrets, intelligence methods, and people's privacy and civil rights. The rules must cover sharing classified threat indicators with cleared people, sharing things that can be declassified at an unclassified level, sharing unclassified or controlled-unclassified information (and the public if needed), sharing warnings to help protect specific entities, and regularly publishing cyber best practices with special attention to small businesses. The rules must let the government share in real time when possible. They should use existing sharing processes (like sector information centers). They must include ways to tell recipients quickly if something was shared in error, require security controls to stop unauthorized access, and require removal of personal data not needed for the cyber threat (or use tools to strip it out) before sharing. If a U.S. person's data was shared in violation of the rules, the person must be told. The leaders must consult the Small Business Administration and the National Laboratories, and the Director of National Intelligence must send these procedures to Congress not later than 60 days after December 18, 2015.

Full Legal Text

Title 6, §1502

Domestic Security — Source: USLM XML via OLRC

(a)Consistent with the protection of classified information, intelligence sources and methods, and privacy and civil liberties, the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General, in consultation with the heads of the appropriate Federal entities, shall jointly develop and issue procedures to facilitate and promote—
(1)the timely sharing of classified cyber threat indicators and defensive measures in the possession of the Federal Government with representatives of relevant Federal entities and non-Federal entities that have appropriate security clearances;
(2)the timely sharing with relevant Federal entities and non-Federal entities of cyber threat indicators, defensive measures, and information relating to cybersecurity threats or authorized uses under this subchapter, in the possession of the Federal Government that may be declassified and shared at an unclassified level;
(3)the timely sharing with relevant Federal entities and non-Federal entities, or the public if appropriate, of unclassified, including controlled unclassified, cyber threat indicators and defensive measures in the possession of the Federal Government;
(4)the timely sharing with Federal entities and non-Federal entities, if appropriate, of information relating to cybersecurity threats or authorized uses under this subchapter, in the possession of the Federal Government about cybersecurity threats to such entities to prevent or mitigate adverse effects from such cybersecurity threats; and
(5)the periodic sharing, through publication and targeted outreach, of cybersecurity best practices that are developed based on ongoing analyses of cyber threat indicators, defensive measures, and information relating to cybersecurity threats or authorized uses under this subchapter, in the possession of the Federal Government, with attention to accessibility and implementation challenges faced by small business concerns (as defined in section 632 of title 15).
(b)(1)The procedures developed under subsection (a) shall—
(A)ensure the Federal Government has and maintains the capability to share cyber threat indicators and defensive measures in real time consistent with the protection of classified information;
(B)incorporate, to the greatest extent practicable, existing processes and existing roles and responsibilities of Federal entities and non-Federal entities for information sharing by the Federal Government, including sector specific information sharing and analysis centers;
(C)include procedures for notifying, in a timely manner, Federal entities and non-Federal entities that have received a cyber threat indicator or defensive measure from a Federal entity under this subchapter that is known or determined to be in error or in contravention of the requirements of this subchapter or another provision of Federal law or policy of such error or contravention;
(D)include requirements for Federal entities sharing cyber threat indicators or defensive measures to implement and utilize security controls to protect against unauthorized access to or acquisition of such cyber threat indicators or defensive measures;
(E)include procedures that require a Federal entity, prior to the sharing of a cyber threat indicator—
(i)to review such cyber threat indicator to assess whether such cyber threat indicator contains any information not directly related to a cybersecurity threat that such Federal entity knows at the time of sharing to be personal information of a specific individual or information that identifies a specific individual and remove such information; or
(ii)to implement and utilize a technical capability configured to remove any information not directly related to a cybersecurity threat that the Federal entity knows at the time of sharing to be personal information of a specific individual or information that identifies a specific individual; and
(F)include procedures for notifying, in a timely manner, any United States person whose personal information is known or determined to have been shared by a Federal entity in violation of this subchapter.
(2)In developing the procedures required under this section, the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General shall consult with appropriate Federal entities, including the Small Business Administration and the National Laboratories (as defined in section 15801 of title 42), to ensure that effective protocols are implemented that will facilitate and promote the sharing of cyber threat indicators by the Federal Government in a timely manner.
(c)Not later than 60 days after December 18, 2015, the Director of National Intelligence, in consultation with the heads of the appropriate Federal entities, shall submit to Congress the procedures required by subsection (a).

Reference

Citations & Metadata

Citation

6 U.S.C. § 1502

Title 6Domestic Security

Last Updated

Apr 6, 2026

Release point: 119-73