Tuesday, September 19, 2023

CISA Publishes Report on Harmonizing Cyber Incident Reporting

Today, CISA announced that the Agency had published their congressionally mandated report on “Harmonization of Cyber Incident Reporting to the Federal Government”. The report was required by §107(d) of the Cyber Incident Reporting for Critical Infrastructure Act OF 2022 (Division Y, Public Law No: 117-103). The report is 107 pages long.

Congress required CISA to prepare a report for Congress on ‘Harmonization of Reporting Regulations’. That report was supposed to include:

• A list of duplicative Federal cyber incident reporting requirements on covered entities,

• A description of any challenges in harmonizing the duplicative reporting requirements,

• Any actions the Director intends to take to facilitate harmonizing the duplicative reporting requirements, and

• Any proposed legislative changes necessary to address the duplicative reporting.

CISA’s announcement of the report noted that:

“To develop these recommendations, the Cyber Incident Reporting Council analyzed over 50 different federal cyber incident reporting requirements and engaged with numerous industry and private sector stakeholders,” said DHS Under Secretary for Policy and CIRC Chair Robert Silvers. “It is imperative that we streamline these requirements. Federal agencies should be able to receive the information they need without creating duplicative burdens on victim companies that need to focus on responding to incidents and taking care of their customers. We look forward to working with Congress and across the Executive Branch to implement these recommendations.”

No comments:

/* Use this with templates/template-twocol.html */