March 29, 2024
Daily News
Cyber incident reporting legislation sets up two-year timeframe to craft proposed rule, establish terminology
The Cybersecurity and Infrastructure Security Agency will be required to release a notice of proposed rulemaking within 24 months detailing policies for reporting cyber incidents, ransomware payments, and follow-up reports when “substantial new or different information becomes available,” under landmark legislation approved by Congress last week.
The Cyber Incident Reporting for Critical Infrastructure Act sets up strict time requirements for reporting incidents and ransomware payments, while leaving room for CISA to establish policies detailing what should be considered a...