Inside Cybersecurity

April 12, 2024

Daily News

CISA outlines triggers for reporting cyber incidents in proposed rulemaking

By Sara Friedman / March 29, 2024

The Cybersecurity and Infrastructure Security Agency goes into detail on the triggers for reporting cyber incidents, including “reasonable belief,” and the need for supplemental reports, in a notice of proposed rulemaking posted Wednesday to implement a major incident reporting law.

The NPRM follows the timeframe requirement in the 2022 Cyber Incident Reporting for Critical Infrastructure Act of 72 hours for covered entities to report incidents to the agency, while laying out parameters on “reasonable belief” for when the clock should...

Log in to access this content.

Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.