CISA considers alternatives to proposed mandatory incident reporting rule through regulatory impact analysis report

The Cybersecurity and Infrastructure Security Agency goes into detail on expected costs to implement its upcoming mandatory incident reporting regime for critical infrastructure in a required regulatory impact analysis report and also explores alternatives to the agency’s proposed rule published on April 4.

“This Preliminary RIA estimates the costs of complying with the proposed requirements for an affected population of 316,244 Covered Entities over the period of analysis. The main cost drivers of this proposed rule are the initial costs...