Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), as amended, requires the Cybersecurity and Infrastructure Security Agency (CISA) to promulgate regulations implementing the statute’s covered cyber incident and ransom payment reporting requirements for covered entities. CISA seeks comment on the proposed rule to implement CIRCIA’s requirements and on several practical and policy issues related to the implementation of these new reporting requirements.