Inside Cybersecurity

July 19, 2024

Daily News

CISA details plans to establish incident reporting exceptions under proposed rule, in line with other agencies’ requirements

By Sara Friedman / April 2, 2024

The Cybersecurity and Infrastructure Security Agency outlines plans to develop exceptions on an agency-by-agency basis for incident reporting requirements that meet substantially similar information needs, in a notice of proposed rulemaking to establish CISA’s regime for mandatory reporting required by a 2022 law.

The 2022 Cyber Incident Reporting for Critical Infrastructure Act directed CISA to create mandatory requirements for covered entities to report cyber incidents to the agency within 72 hours and 24 hours for ransom payments.

The law...

Log in to access this content.

Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.