Inside Cybersecurity

August 14, 2022

Daily News

Credit union regulator proposes 72-hour incident reporting rule, sets requirements for third-party vendors

By Charlie Mitchell / July 26, 2022

The National Credit Union Administration has issued a proposal to require firms under its jurisdiction to report cybersecurity incidents within 72 hours, matching the timeline in a new law for certain critical infrastructure operators but deciding to move ahead of a CISA rulemaking to implement the law given the severity of the threat.

“The [NCUA] Board believes that it would be imprudent in light of the increasing frequency and severity of cyber incidents to postpone a notification requirement until after...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.