The Cybersecurity and Infrastructure Security Agency (CISA) plans to finalize a cybersecurity incident reporting rule in September that would require critical infrastructure entities to report major cyber incidents directly to CISA, according to a regulation document published last week.
This rule finalizes regulations to implement certain aspects of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Specifically, CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding covered cyber incidents and ransom payments.
Under the law, critical infrastructure entities would be required to report substantial cyber incidents to CISA within 72 hours and ransomware payments within 24 hours.
Read the rest of the story at MeriTalk.



