Saturday, September 10, 2022

Review - CISA Publishes RFI for Cyber Incident Reporting Rule

CISA published a request for information in Monday’s (available on line today) Federal Register (87 FR 55833-55836) to support their development of a congressionally mandated rulemaking for cybersecurity incident reporting (CSIR) under §2242(b) of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022 (Division Y, PL 117-103, 136 STAT 1044). CISA has until March 15th, 2024 to publish a notice of proposed rulemaking (NPRM) to establish the CSIR regulations.

The RFI looks for public comments on the following categories of information:

Definitions, criteria, and scope of regulatory coverage,

Report Contents and Submission Procedures,

Other incident reporting requirements and security vulnerability information sharing, and

Additional policies, procedures, and requirements.

Public Comments

CISA is soliciting public comments on the RFI (duh). Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # CISA-2022-0010). Comments should be submitted by November 14th, 2022.

Public Meetings

In a separate Federal Register notice, CISA is providing information about a series of public meetings that will address the RFI topics. The cities currently included in the meeting list include:

Salt Lake City, Utah - September 21, 2022,

Atlanta, Georgia - September 28, 2022,

Chicago, Illinois - October 5, 2022,

Dallas/Fort Worth, Texas - October 5, 2022,

New York, New York - October 12, 2022,

Philadelphia, Pennsylvania - October 13, 2022,

Oakland, California - October 26, 2022,

Boston, Massachusetts - November 2, 2022,

Seattle, Washington - November 9, 2022, and

Kansas City, Missouri - November 16, 2022

Personnel wishing to attend one of these listening sessions may register via email (circia@cisa.dhs.gov). Registration will be accepted up to two days prior to the meeting date.

 

For more details about what CISA is looking for, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-publishes-rfi-for-cyber-incident - subscription required.


No comments:

 
/* Use this with templates/template-twocol.html */