Yesterday, the OMB’s Office of Information and Regulatory Affairs announced that it had received a notice of proposed rulemaking (NPRM) from CISA on Cyber Incident Reporting for Critical Infrastructure Act Regulations. CISA published a request for information (removed from paywall) supporting this rulemaking on September 12th, 2022.
According to the Fall 2023 Unified Agenda entry for this
rulemaking:
The Cybersecurity and
Infrastructure Security Agency (CISA) will propose regulations to implement
certain aspects of the Cyber Incident Reporting for Critical Infrastructure Act
of 2022 (CIRCIA). Specifically, CIRCIA
directs CISA to develop and implement regulations requiring covered entities to
submit reports to CISA regarding covered cyber incidents and ransom
payments. CIRCIA requires CISA to
publish a Notice of Proposed Rulemaking (NPRM) within 24 months of the date of
enactment of CIRCIA as part of the process for developing these
regulations. CISA previously issued a
Request for Information on September 12, 2022, and held a series of listening
sessions seeking public input on potential aspects of the proposed regulation
prior to publication of the NPRM.
The CIRCIA deadline for publishing this NPRM is March 15th,
2024.
Posts
No comments:
Post a Comment