Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking (NPRM) from the Cybersecurity and Infrastructure Security Agency (CISA) on “Cyber Incident Reporting for Critical Infrastructure Act Regulations”. The NPRM was submitted to OIRA on January 2nd, 2024. CISA published a request for information supporting this rulemaking on September 12th, 2022. This rulemaking implements the requirements of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)
According to the Fall 2023 Unified Agenda entry for this rulemaking:
“The Cybersecurity and Infrastructure Security Agency (CISA) will propose regulations to implement certain aspects of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) [Div Y of PL 117-103]. Specifically, CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding covered cyber incidents and ransom payments. CIRCIA requires CISA to publish a Notice of Proposed Rulemaking (NPRM) within 24 months of the date of enactment of CIRCIA as part of the process for developing these regulations. CISA previously issued a Request for Information on September 12, 2022, and held a series of listening sessions seeking public input on potential aspects of the proposed regulation prior to publication of the NPRM.”
We could see this NPRM published in the Federal Register
this coming week.
No comments:
Post a Comment