Inside Cybersecurity

May 18, 2022

Daily News

Mayorkas: Mandatory CISA incident reporting timeframe needs to consider ‘burden’ on critical infrastructure owners

By Sara Friedman / April 28, 2022

The Cybersecurity and Infrastructure Security Agency is taking a close look at the 72-hour incident reporting clock as it crafts a proposed rulemaking for the mandatory regime recently authorized by Congress, Homeland Security Secretary Alejandro Mayorkas testified in front of a key House committee.

The incident reporting law pertains to critical infrastructure owners and directs CISA to publish a notice of proposed rulemaking within 24 months. The 72-hour clock for a “covered entity” to report an incident starts “not...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.