CISA published a correction to their Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) notice of proposed rulemaking in Monday’s (available on line today) Federal Register (89 FR 47471-47472). This correction addresses the issue of the definition of ‘covered entity’ for “for pipeline facilities and systems” as outlined in CISA’s April 4th, 2024 NPRM.
Monday’s ‘correction’ would change the NPRM entry for §226.2(b)(14)(iv) to read:
“(iv) A pipeline facility or system owner or operator required to report cyber incidents by the Transportation Security Administration;”
With this correction being made to April’s NPRM, the comment
period (which was to
end on Monday, June 3rd, 2024) has been extended to July 3rd,
2024. I would not be surprised to see requests for a further extension of that
time. Comments may be submitted through the Federal eRulemaking Portal (www.regulations.gov; Docket # CISA-2022-0010).
For more information on this correction, including a look at
why CISA had to make the change, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-publishes-circia-nprm-correction
- subscription required.
No comments:
Post a Comment