CISA aims to drive ‘benefit over burden’ for stakeholders in upcoming incident reporting regime

The Cybersecurity and Infrastructure Security Agency wants to be “transparent” as it works to develop a mandatory incident reporting regime, according to cyber head Eric Goldstein, who explained how his agency wants to encourage participation by providing value to stakeholders.

The incident reporting law gives CISA 24 months to craft a proposed rule and an additional 18 months to release the final rule. Director Jen Easterly last week announced CISA’s plan to release a request for information to gather...