Upcoming CISA incident reporting RFI raises opportunities for comment on big-picture issues

Industry sources are encouraged by CISA’s plans to get feedback on its mandatory incident reporting regime, starting with a request for information, while recognizing a significant portion of the work will revolve around harmonizing regulatory requirements across government.

Providing details on “definitions and the scoping of an incident” will be important, according to a banking industry source, emphasizing how CISA should focus on what is a “confirmed cyber incident versus something that you suspect may be an incident.” The incident...