Outlook for 2023: Incident reporting regulations, national cyber strategy and CMMC program launch

Multiple agencies are expected to act on incident reporting requirements in the new year as work to digest industry feedback continues at the SEC and CISA, while changes to federal acquisition regulations from the 2021 cyber executive order are coming along with the release of the long-awaited national cyber strategy.

The Securities and Exchange Commission will reveal next steps on its controversial proposal to require publicly traded companies to disclose cyber incidents and report on the roles of management...