16.9 C
New York
June 5, 2023
E Point Perfect – Interesting and beneficial content
Law \ Legal

CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act

by 0129

[ad_1]

On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).  Written comments are requested on or before November 14, 2022 and may be submitted through the Federal eRulemaking Portal: http://www.regulations.gov.

Overview of CIRCIA.  CIRCIA was signed into law on March 15, 2022 and establishes two cyber incident reporting requirements for covered critical infrastructure entities:

  1. A 24-hour requirement to report any ransomware payments to CISA; and
  2. A 72-hour requirement to report all covered cyber incidents to CISA.

These requirements will take effect upon the issuance of implementing regulations from the Director of CISA.  The Act directs CISA to issue a Notice of Proposed Rulemaking (“NPRM”) within 24 months of the date of enactment to implement the Act’s requirements, and to issue a final rule within 18 months of issuing the NPRM.

Request for Information.  CISA is seeking public comment through its Request for Information on potential aspects of the proposed regulation prior to publication of the NPRM.  According to the Request for Information, CISA is particularly interested in public input regarding:

  • Definitions, criteria, and the scope of regulatory coverage, including the scope of covered entities and covered incidents;
  • Report contents and submission procedures, including when timing requirements for various reporting requirements will begin to run;
  • Other incident reporting requirements and security vulnerability information sharing; and
  • Additional policies, procedures, and requirements.

Looking Ahead.  As noted, written comments are requested on or before November 14, 2022. Submissions received after that date may not be considered.  Comments may be submitted through the Federal eRulemaking Portal: http://www.regulations.gov.

CISA will also be hosting public listening sessions throughout the comment period as an additional means for interested parties to provide input. 

[ad_2]

Source link

Related posts

FCC Proposes Fine Against Q Link for Improper EBB Program Disbursements

Legal Bloggers May Have Unique Identification Number

DDTC Issues New ITAR Compliance Guidelines

Alberta OIPC’s 2022 PIPA Breach Report – Trends and Key

Five Reminders About Meal and Rest Breaks for California Employers

Louisiana Approves Virtual Custody Services and Proposes Virtual Currency Business Licensing Rules

@2018 - PenNews. All Right Reserved. Designed and Developed by PenciDesign