CISA Eyes September Date for Final Cyber Incident Reporting Rule

The regulation would require critical infrastructure entities to report major cyber incidents and ransomware payments to the federal cyber defense agency under a 2022 law

The Cybersecurity and Infrastructure Security Agency (CISA) plans to finalize a cybersecurity incident reporting rule in September that would require critical infrastructure entities to report major cyber incidents directly to CISA, according to a regulation document published last week.

This rule finalizes regulations to implement certain aspects of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Specifically, CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding covered cyber incidents and ransom payments.

Under the law, critical infrastructure entities would be required to report substantial cyber incidents to CISA within 72 hours and ransomware payments within 24 hours.

Read the rest of the story at MeriTalk.

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles