Stakeholders consider how to address ‘materiality’ threshold under CISA incident reporting regulation

Stakeholders at a recent event emphasized how CISA’s upcoming incident reporting regulation should address “materiality” differently than a controversial Securities and Exchange Commission proposed rule, because of the way the cyber agency plans to use the information.

“I don’t think materiality is the right threshold for CISA,” former Federal CISO Grant Schneider said. At the SEC, the focus is on a “potential investor” and what they would want to understand about the nature of an attack through a public disclosure,...