Title 6 — Domestic SecurityRelease 119-73not60

§1502 Sharing of Information by the Federal Government

Title 6 › Chapter 6— CYBERSECURITY › Subchapter I— CYBERSECURITY INFORMATION SHARING › § 1502

Last updated Apr 3, 2026|Official source

Summary

The Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General must work together to write rules that make it easier and faster for the federal government to share cyber threat indicators and defensive steps. The rules must let the government share classified threat information with people who have the right clearances, share information that can be declassified at an unclassified level, share unclassified or controlled-unclassified information (and the public when appropriate), share warnings about threats to specific entities so harm can be prevented or reduced, and publish regular cybersecurity best practices with special attention to small businesses. The rules must let sharing happen in real time when possible, use existing sharing systems and roles (like sector information-sharing groups), require quick notice if the government later finds a shared item was wrong or illegal, protect shared data from unauthorized access, and remove or strip personal information about a specific person before sharing. If a United States person’s personal data was shared in violation of the rules, the person must be notified. The agencies must consult with other federal entities including the Small Business Administration and the National Laboratories (federally funded research labs), and they had to send these procedures to Congress not later than 60 days after December 18, 2015.

Full Legal Text

Title 6, §1502

Domestic Security — Source: USLM XML via OLRC

(a)Consistent with the protection of classified information, intelligence sources and methods, and privacy and civil liberties, the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General, in consultation with the heads of the appropriate Federal entities, shall jointly develop and issue procedures to facilitate and promote—

(1)the timely sharing of classified cyber threat indicators and defensive measures in the possession of the Federal Government with representatives of relevant Federal entities and non-Federal entities that have appropriate security clearances;

(2)the timely sharing with relevant Federal entities and non-Federal entities of cyber threat indicators, defensive measures, and information relating to cybersecurity threats or authorized uses under this subchapter, in the possession of the Federal Government that may be declassified and shared at an unclassified level;

(3)the timely sharing with relevant Federal entities and non-Federal entities, or the public if appropriate, of unclassified, including controlled unclassified, cyber threat indicators and defensive measures in the possession of the Federal Government;

(4)the timely sharing with Federal entities and non-Federal entities, if appropriate, of information relating to cybersecurity threats or authorized uses under this subchapter, in the possession of the Federal Government about cybersecurity threats to such entities to prevent or mitigate adverse effects from such cybersecurity threats; and

(5)the periodic sharing, through publication and targeted outreach, of cybersecurity best practices that are developed based on ongoing analyses of cyber threat indicators, defensive measures, and information relating to cybersecurity threats or authorized uses under this subchapter, in the possession of the Federal Government, with attention to accessibility and implementation challenges faced by small business concerns (as defined in section 632 of title 15).

(b)(1)The procedures developed under subsection (a) shall—

(A)ensure the Federal Government has and maintains the capability to share cyber threat indicators and defensive measures in real time consistent with the protection of classified information;

(B)incorporate, to the greatest extent practicable, existing processes and existing roles and responsibilities of Federal entities and non-Federal entities for information sharing by the Federal Government, including sector specific information sharing and analysis centers;

(C)include procedures for notifying, in a timely manner, Federal entities and non-Federal entities that have received a cyber threat indicator or defensive measure from a Federal entity under this subchapter that is known or determined to be in error or in contravention of the requirements of this subchapter or another provision of Federal law or policy of such error or contravention;

(D)include requirements for Federal entities sharing cyber threat indicators or defensive measures to implement and utilize security controls to protect against unauthorized access to or acquisition of such cyber threat indicators or defensive measures;

(E)include procedures that require a Federal entity, prior to the sharing of a cyber threat indicator—

(i)to review such cyber threat indicator to assess whether such cyber threat indicator contains any information not directly related to a cybersecurity threat that such Federal entity knows at the time of sharing to be personal information of a specific individual or information that identifies a specific individual and remove such information; or

(ii)to implement and utilize a technical capability configured to remove any information not directly related to a cybersecurity threat that the Federal entity knows at the time of sharing to be personal information of a specific individual or information that identifies a specific individual; and

(F)include procedures for notifying, in a timely manner, any United States person whose personal information is known or determined to have been shared by a Federal entity in violation of this subchapter.

(2)In developing the procedures required under this section, the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General shall consult with appropriate Federal entities, including the Small Business Administration and the National Laboratories (as defined in section 15801 of title 42), to ensure that effective protocols are implemented that will facilitate and promote the sharing of cyber threat indicators by the Federal Government in a timely manner.

(c)Not later than 60 days after December 18, 2015, the Director of National Intelligence, in consultation with the heads of the appropriate Federal entities, shall submit to Congress the procedures required by subsection (a).

Reference

Citations & Metadata

Citation

6 U.S.C. § 1502

Title 6 — Domestic Security

Last Updated

Apr 3, 2026

Release point: 119-73not60