
This work is already underway. CISA is committed to receiving inputs into the NPRM from other stakeholders as well, such as critical infrastructure owners and operators and other members of the potentially regulated community, while maintaining the rulemaking schedule required by statute. CIRCIA also mandates that CISA consult with various entities throughout the rulemaking process, including Sector Risk Management Agencies, the Department of Justice, other appropriate Federal agencies, and a soon-to-be formed, DHS-chaired Cyber Incident Reporting Council. CIRCIA requires CISA to develop and publish a Notice of Proposed Rulemaking (NPRM), which will be open for public comment, and a Final Rule. These new authorities are regulatory in nature and require CISA to complete mandatory rulemaking activities before the reporting requirements go into effect. These reports will allow CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.

Enactment of CIRCIA marks an important milestone in improving America’s cybersecurity by, among other things, requiring the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments to CISA.


In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
