ITI wants clarity from CISA on use of information collected through incident reporting regulation

The Cybersecurity and Infrastructure Security Agency should provide information upfront on how it plans to use incident reporting details shared under the upcoming mandatory regulation, according to the Information Technology Industry Council.

CISA issued a request for information in September to get input from stakeholders on its incident reporting regulation. The incident reporting law passed in March gives CISA 24 months to release a notice of proposed rulemaking and additional 18 months for the final rule.

ITI members want...