In the 109^th Congress, the Chairman of the House Subcommittee on Technology and Information Policy, Adam Putnam (R-FL), circulated legislation that called for a broad system of regulation, similar to the Sarbanes-Oxley (SOX) legislation, to be applied to information security.  ISAlliance was one of a number of organizations that led the charge in stopping that proposal from moving forward.

Chairman Putnam agreed to withdraw his bill, but threatened to reintroduce it if industry could not find another path to achieve improved cyber security.  He then created the congressionally appointed Corporate Information Security Working Group (CISWG) and named the ISAlliance and three ISAlliance member companies, AIG, Verizon, and NAM, to the CISWG Executive Board.  Moreover, ISAlliance, along with AIG, was asked to Chair the Working Group on Incentives, Liability, and Safe Harbors.

The Working Group presented two reports:  the CISWG Incentives Report and the CISWG Liability Report. The first outlines a broad program of a dozen different incentive models that can be used more effectively than regulatory mandates. The second report provides increased depth and discusses how areas like liability reform and safe harbors can be used rather than rely on federal regulations.

At the end of the Congressional session Chairman Putnam opened a hearing on cyber security by praising the ISAlliance for these efforts, and wrote that:

"The corresponding recommendations have provided valuable information and have already produced a variety of initiatives that have made a measurable difference."