CISA incident reporting lead emphasizes need for feedback on definitions in upcoming proposed rule

CISA official Lauren Boas Hayes emphasized the importance of getting input from stakeholders when the agency releases a proposed rule to implement its mandatory incident reporting regime for critical infrastructure owners at a Thursday event.

The 2022 Cyber Incident Reporting for Critical Infrastructure Act directs CISA to develop and publish a notice of proposed rulemaking within 24 months. Boas Hayes said the Cybersecurity and Infrastructure Security Agency is on track to meet the March 2024 deadline.

CISA has been dedicated...