Inside Cybersecurity

December 4, 2022

Daily News

Industry info-sharing groups express concerns over additional burden on companies through CISA reporting regime

By Sara Friedman / November 17, 2022

Three information sharing groups who represent critical infrastructure sectors say CISA needs to consider the potential burden new mandatory incident reporting requirements will put on industry and focus on asking for details that will help companies in return.

The Cyber Incident Reporting for Critical Infrastructure Act, known as “CIRCIA,” directs CISA to establish a mandatory regime where incidents must be reported within 72 hours and 24 hours for ransomware payments. The March law provides 24 months to issue the notice...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.