CISA says rulemaking work is underway on incident reporting requirements, urges industry engagement

CISA is in the early stages of rulemaking to implement a new cyber incident reporting requirement, according to a spokesperson, who said the agency is seeking extensive industry input on the regulation while encouraging voluntary reports on attacks and suspicious activity in “the current threat environment.”

“We are beginning the required rulemaking process to implement the statute. This will include a public comment period, during which CISA welcomes input to ensure that the proposed rule benefits from the perspectives of...