Inside Cybersecurity

July 19, 2024

Daily News

Tech sector finds upcoming CISA incident reporting rule raises questions on addressing product security

By Sara Friedman / July 3, 2024

The technology sector raises several questions in its submission to the Cybersecurity and Infrastructure Security Agency on what constitutes a need for incident reporting under the upcoming mandatory regime, including how to address product security and potential reporting on vulnerabilities.

CISA’s sector-specific definition of a covered entity for information technology “seems to state that IT Sector companies must report substantial cyber incidents experienced through ‘the products’ of the covered entity. This is confusing, as a substantial cyber incident is defined...

Log in to access this content.

Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.