CISA goes on tour to get feedback on cyber incident reporting rules

The Cybersecurity and Infrastructure Security Agency is taking the development of landmark cyber incident reporting regulations on an 11-stop roadshow, as it seeks feedback on a number of key questions about the forthcoming rules. CISA previewed a request for information today on the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Under that law, passed earlier this year, the agency is developing regulations that will require critical infrastructure entities to report cyber incidents to CISA within 72 hours and ransomware attacks within 24 hours.