WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced their plans to issue a Request for Information (RFI) soliciting public input on approaches to implementing the cyber incident reporting requirements pursuant to the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022, which President Biden signed into law in March 2022. The RFI was published in the Federal Register on Monday, September 12, and gives the public 60 days to provide their written submissions.
CIRCIA requires CISA to develop and publish a Notice of Proposed Rulemaking (NPRM) for public comment and review, containing proposed regulations for cyber incident and ransom payment reporting. The RFI solicits input from the critical infrastructure community and other members of the public, and that input will inform the agency’s development of the proposed regulations.