Unclassified Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015 [open pdf - 2MB]
From the Executive Summary: "On December 18, 2015, Congress passed Public Law 114-113, the 'Consolidated Appropriations Act, 2016', which includes Title I - the 'Cybersecurity Information Sharing Act of 2015' (the Statute). The Statute was established to improve cybersecurity in the United States through enhanced sharing of cyber threat information. The Statute creates a framework to facilitate and promote the voluntary sharing of cyber threat indicators and defensive measures among and between Federal and non-Federal entities. The Statute requires the inspectors general of the 'appropriate Federal entities,' defined as the Departments of Commerce, Defense, Energy, Homeland Security, Justice, and the Treasury, and the Office of the Director of National Intelligence (ODNI), 'in consultation with the Inspector General of the Intelligence Community and the Council of Inspectors General on Financial Oversight,' to jointly report to Congress by December 18--every two years--on the actions taken over the most recent two-year period to carry out the Statute. [...] The OIGs [Offices of the Inspectors General] determined that sharing of cyber threat indicators and defensive measures has improved over the past two years and efforts are underway to expand accessibility to information. Sharing cyber threat indicators and defensive measures increases the amount of information available for defending systems and networks against cyber attacks."
Office of the Inspector General of the Intelligence Community AUD-2019-005-U
U.S. Department of Justice, Office of the Inspector General: https://oig.justice.gov/