CISA requests $115.9 million in fiscal 2025 budget to support mandatory incident reporting regime

The Cybersecurity and Infrastructure Security Agency asks for $115.9 million in fiscal 2025 to implement its upcoming mandatory incident reporting regime, as part of the agency’s total $3 billion request in funding for the upcoming fiscal year.

The 2022 Cyber Incident Reporting for Critical Infrastructure Act directs CISA to establish a mandatory regime where covered entities will need to report incidents within 72 hours and 24 hours for ransom payments. CISA is required to issue a proposed rule to implement...