What the CISA Reporting Rule Means for Your IT Security Protocol
Dec 02, 2022
Incident Reporting / Password Policy
The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than 24 months from the enactment of CIRCIA, which the President signed into law in March . The sessions and NPRM are steps toward creating the new rule. CISA is soliciting expert opinion on what to include in a report but is taking steps to implement the change soon. Here's what that change means for businesses in the US and what you can do about it now. Overview of the CISA reporting rule Owners and operators of critical infrastructure must file cyber incident reports with CISA within 72 hours . They must report ransom payments for ransomware attacks within 24 hours . Other businesses can take part voluntarily. The CISA D...
