Inside Cybersecurity

December 4, 2022

Daily News

Tech group identifies considerations to scope key definitions for CISA incident reporting regime

By Sara Friedman / November 23, 2022

The Information Technology Industry Council has outlined considerations for CISA to evaluate as the agency works through defining what a “covered entity” and “covered cyber incident” should be under its upcoming incident reporting regulation.

The Cyber Incident Reporting for Critical Infrastructure Act, known as “CIRCIA,” directs CISA to establish a mandatory regime where incidents must be reported within 72 hours and 24 hours for ransomware payments. The March law gives CISA 24 months to release a notice of proposed rulemaking,...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.