Trade associations request exception from upcoming CISA incident reporting requirements

Several trade associations have signed a letter led by the National Association of Manufacturers urging the Cybersecurity and Infrastructure Security Agency to provide an exception for reporting incidents to organizations that are member-focused and don’t operate critical infrastructure.

“The proposed rule’s definition of covered entity includes ‘any person, partnership, business, association, corporation, or other organization’ that operates ‘in a critical infrastructure sector.’ We are concerned that this broad definition, combined with the inclusion of ‘association’ in the list of entity...