CISA rulemaking reveals proposed plans for key definitions in upcoming incident reporting regime

CISA’s notice of proposed rulemaking for mandatory cyber incident reporting goes into depth on proposed definitions, impacts that would trigger reporting and the applicability of who could be considered a covered entity.

The NPRM is based on parameters established by Congress in the 2022 Cyber Incident Reporting for Critical Infrastructure Act to develop the regulation and tailors the definitions and reporting requirements in the law to meet CISA’s needs for reports that will enable effective two-way information sharing, intelligence...