Skip to content

CISO Survival Guide: 4 Steps to Prepare for CISA 2015 Expiration

Posted by: GuidePoint Security

< 1 min read

December 15, 2025 – Published on Nexus

For enterprise security teams, the threat intelligence sharing calendar is ticking down again.

On Jan. 30, 2026, the Cybersecurity Information Sharing Act of 2015 (CISA 2015) expires—once more. For chief information security officers already managing near impossible expectations with finite budgets, this deadline represents more than legislative drama. The deadline signals a fundamental shift in how enterprises conduct threat defense, share intelligence, and protect critical systems.

The outlook is not good. When CISA 2015 expired on Sept. 30, many reported that some cyber threat information flows slowed or stopped, as the statutory protections against antitrust liability, regulatory enforcement action, FOIA disclosure, and Computer Fraud and Abuse Act exposure expired.

“We’re not operating in a complete void. The uncertainty [this situation has created] itself is the problem,” said Timothy Amerson, federal strategic advisor at cybersecurity advisory GuidePoint Security. “Security teams cannot build sustainable programs around 60-day extensions. Congressional leadership needs to provide long-term clarity so enterprises can plan accordingly,” he said.

Read More HERE.

Categories: Governance, Risk & Compliance
Tags:cybersecurityFederal

GuidePoint Security

Understanding the Cybersecurity Information Sharing Act (CISA) Expiration
The Cybersecurity Information Sharing Act of 2015 (CISA) was a piece of legislation designed to improve cybersecurity in the United […]
View Page

Related Articles

View All

  • Blog
Understanding the Cybersecurity Information Sharing Act (CISA) Expiration
Posted by: Brent Kelley
Read More 5 min read
Government Solutions
Read More 4 min read
  • Cybersecurity
GPSEC® Public Sector
Read More < 1 min read