CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act

Jim Garland, Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write:

On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).  Written comments are requested on or before November 14, 2022 and may be submitted through the Federal eRulemaking Portal:


According to the Request for Information, CISA is particularly interested in public input regarding:

  • Definitions, criteria, and the scope of regulatory coverage, including the scope of covered entities and covered incidents;
  • Report contents and submission procedures, including when timing requirements for various reporting requirements will begin to run;
  • Other incident reporting requirements and security vulnerability information sharing; and
  • Additional policies, procedures, and requirements.

Read more at Inside Privacy.

About the author: Dissent

Comments are closed.