Naomi Cooper
The Cybersecurity and Infrastructure Security Agency is soliciting input from critical infrastructure owners and operators on the development of proposed cyber incident and ransom payment reporting requirements.
CISA said Friday it seeks comments on how to implement requirements in line with the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was signed into law in March to ensure that operators provide timely reports of cybersecurity incidents to authorities.
In a request for information posted Monday on the Federal Register, CISA said it wants the critical infrastructure community to submit feedback on the definitions and interpretations of the terminology to be used in the CIRCIA regulations as well as the content and procedures for submission of reports.
“We can’t defend what we don’t know about and the information we receive will help us fill critical information gaps that will inform the guidance we share with the entire community, ultimately better defending the nation against cyber threats,” said Jen Easterly, director of CISA and a 2022 Wash100 awardee.
CISA will hold a series of listening sessions to gather in-person input from the critical infrastructure industry.
Responses to the RFI are due Nov. 14.
