Stakeholders see opportunity for harmonization in CISA proposed rulemaking for mandatory incident reporting

The release of CISA’s long-awaited, 447-page notice of proposed rulemaking offers an opportunity to establish requirements for reporting that will improve the agency’s visibility into cyber incidents, while also raising concerns from stakeholders over compliance costs and potential burdens.

“We commend CISA for its work in issuing the NPRM for the Cyber Incident Reporting for Critical Infrastructure Act and for its efforts to engage stakeholders early on in the process. Establishing a mandatory cyber incident reporting framework is an enormous...