Tuesday, April 16, 2024

Review - CIRCIA NPRM – Cyber Incident Definitions

Earlier this month, CISA published the official version of its Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) (Division Y, PL 117-103) notice of proposed rulemaking (NPRM). This is part of a continuing series of posts looking at the proposed rulemaking. In this post I will be looking at how CISA proposes to implement the CIRCIA-mandated definitions relating to cyber incidents as they apply to these reporting requirements.

Previous posts in this series include:

CISA Publishes CIRCIA Support NPRM (non-subscription version), and

CIRCIA NPRM – Covered Entity (non-subscription version)

Statutory Definitions

CIRCIA provides legal definitions (6 USC 681) for the following cyber incident related terms:

• Cyber incident, 

• Significant cyber incident, and

• Ransom payment

NPRM Definitions

The NPRM includes, in the new Part 226, a section (§226.1) dealing with definitions used in the proposed regulation. Terms of importance leading to the definition of the term ‘covered cyber incident’ include:

• Information system,

• Cyber incident, and

• Substantial cyber incident

This leads to the rather simple definition of the term ‘covered cyber incident’ as any substantial cyber incident experienced by a covered entity. Note that the reporting trigger turns on the NPRM’s ‘substantial cyber incident’ definition, not on the statutory ‘significant cyber incident’ term listed above.

For a more detailed look at these definitions, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/circia-nprm-8dd - subscription required.
