Inside Cybersecurity

March 29, 2024

Daily News

Cyber incident reporting legislation sets up two-year timeframe to craft proposed rule, establish terminology

By Sara Friedman / March 15, 2022

The Cybersecurity and Infrastructure Security Agency will be required to release a notice of proposed rulemaking within 24 months detailing policies for reporting cyber incidents, ransomware payments, and follow-up reports when “substantial new or different information becomes available,” under landmark legislation approved by Congress last week.

The Cyber Incident Reporting for Critical Infrastructure Act sets up strict time requirements for reporting incidents and ransomware payments, while leaving room for CISA to establish policies detailing what should be considered a...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.