E Point Perfect
Law \ Legal

CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act

[ad_1]

On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).  Written comments are requested on or before November 14, 2022 and may be submitted through the Federal eRulemaking Portal: http://www.regulations.gov.

Overview of CIRCIA.  CIRCIA was signed into law on March 15, 2022 and establishes two cyber incident reporting requirements for covered critical infrastructure entities:

  1. A 24-hour requirement to report any ransomware payments to CISA; and
  2. A 72-hour requirement to report all covered cyber incidents to CISA

These requirements will take effect upon the issuance of implementing regulations from the Director of CISA.  The Act directs CISA to issue a Notice of Proposed Rulemaking (“NPRM”) within 24 months of the date of enactment to implement the Act’s requirements, and to issue a final rule within 18 months of issuing the NPRM.

Request for Information.  CISA is seeking public comment through its Request for Information on potential aspects of the proposed regulation prior to publication of the NPRM.  According to the Request for Information, CISA is particularly interested in public input regarding:

  • Definitions, criteria, and the scope of regulatory coverage, including the scope of covered entities and covered incidents;
  • Report contents and submission procedures, including when timing requirements for various reporting requirements will begin to run;
  • Other incident reporting requirements and security vulnerability information sharing; and
  • Additional policies, procedures, and requirements.

Looking Ahead.  As noted, written comments are requested on or before November 14, 2022. Submissions received after that date may not be considered.  Comments may be submitted through the Federal eRulemaking Portal: http://www.regulations.gov. CISA will also be hosting public listening sessions throughout the comment period as an additional means for interested parties to provide input. 

[ad_2]

Source link

Related posts

Florence Autumn Competition Conference – LexBlog

Wild Cherry Capri Sun recalled after consumer complaints of chemical taste

Certiorari Granted to Jack Daniel’s with Respect to Parody Dog Toy: Does Anyone Here Have a Sense of Humor, and Does it Matter?

Update on the California Privacy Protection Agency: Still No Date Certain for the CPRA Regulations

Uncommon bacteria found in Gulf area by Mississippi-CDC investigation

More than 200 backpackers and rafters sickened in Grand Canyon National Park backcountry