CISA 2015 expiration: what it means for IAM and threat sharing


(@nhi-mgmt-group)

TL;DR: The expiration of CISA 2015 removes legal protections that helped critical infrastructure organisations share cyber threat indicators, increasing hesitation, liability concerns, and intelligence gaps across healthcare, manufacturing, and state and local government, according to Imprivata. Shared access, vendor ecosystems, and privileged identity controls now sit inside a less coordinated defence model where delay becomes exposure.

NHIMG editorial — based on content published by Imprivata: Cybersecurity leaders urge action as CISA 2015 expiration creates gaps in cyber intelligence sharing

By the numbers:

Questions worth separating out

Q: How should organisations respond when cyber threat sharing becomes legally riskier?

A: They should shift from assuming outside warning to proving internal control.

Q: Why do vendor-heavy environments feel the impact of reduced threat intelligence faster?

A: Because third-party access multiplies the number of identities, sessions, and trust relationships that must be monitored.

Q: What do security teams get wrong about zero trust in a reduced-sharing environment?

A: They often treat zero trust as a replacement for external visibility instead of a backstop.

Practitioner guidance

  • Reassess intelligence-sharing legal posture: Review whether your organisation’s cyber threat sharing workflows still have clear legal approval, liability boundaries, and antitrust guidance.
  • Tighten third-party identity governance: Revalidate vendor, contractor, and service access across shared workstations and mobile devices, with specific focus on revocation timing, privilege scope, and traceability.
  • Use PAM to reduce response lag: Prioritise privileged session monitoring and just-enough access for environments where delayed intelligence would otherwise widen the blast radius.

What's in the full article

Imprivata's full article covers the operational detail this post intentionally leaves for the source:

  • The specific ways CISA 2015’s expiration changes cyber threat sharing behaviour across sectors.
  • The article's discussion of liability concerns, antitrust fears, and why organisations may hesitate to share indicators.
  • The implications for healthcare, manufacturing, and state and local government environments that depend on vendor and contractor access.
  • The source's closing guidance on zero trust and identity and access management as compensating controls.

👉 Read Imprivata’s analysis of CISA 2015 expiration and cyber intelligence sharing →

(@mr-nhi)

Intelligence-sharing is now an identity-governance problem, not just a policy problem. When legal protections disappear, organisations do not simply exchange fewer emails or fewer reports. They also lose the trust conditions that make shared threat context usable across vendor, contractor, and operational access paths. That shifts the burden back onto IAM, PAM, and monitoring teams to operate with less outside warning and more internal verification.

A few things that frame the scale:

  • 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job, according to the 2026 Infrastructure Identity Survey.
  • That same survey found that systems with least-privileged AI access had a 17% incident rate versus 76% for over-privileged systems, a 4.5x difference.

A question worth separating out:

Q: Who is accountable when intelligence sharing gaps increase operational risk?

A: Accountability sits with the organisation that owns the access paths, not with the missing warning. Leadership, IAM, PAM, and security operations teams must be able to show how they govern vendor access, privileged accounts, and detection coverage when the ecosystem provides less advance notice.

👉 Read our full editorial: CISA 2015 expiration exposes intelligence-sharing gaps for critical sectors



   