Inside Cybersecurity

January 27, 2023

Daily News

U.S. Chamber encourages CISA to seek ‘qualitative’ information in incident reports under upcoming mandatory regime

By Sara Friedman / November 30, 2022

Mandatory incident reports to CISA should be focused on “qualitative’ information, according to the U.S. Chamber of Commerce, which offers a proposal for information requirements based on legislative intent in the CIRICA law.

The Cyber Incident Reporting for Critical Infrastructure Act directs CISA to establish a mandatory regime where incidents must be reported within 72 hours and 24 hours for ransomware payments. CISA released a request for information in September to gather feedback from stakeholders on implementation.

“For the...

Log in to access this content.

Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.