March 29, 2023
CrowdStrike urges CISA to develop guidance for determining ‘reasonable belief’ in incident reporting regulation
CrowdStrike is proposing the creation of guidance to help critical infrastructure owners understand what should be considered “reasonable belief” to start the 72-hour reporting clock under CISA’s upcoming incident reporting regulation.
“Not all cyber incidents have the same level of severity and rise to the level of ‘substantial’ to be reported,” CrowdStrike argues in recent comments to CISA on the upcoming proposed rule.
The threat intelligence and incident response company uses an incident where an actor gains access but...