
Federal Cybersecurity Reporting Regulations

By Kristin Withrow posted 09-19-2022 01:27 PM

  


CISA Requesting Comments

The Federal Cybersecurity and Infrastructure Security Agency (CISA) has issued a Request for Information (RFI) and notice of public listening sessions in connection with the Federal Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), signed into law by President Joe Biden earlier this year. Written comments can be submitted at http://regulations.gov, under Docket ID: CISA-2022-0010. Written comments must be submitted on or before November 14, 2022.


A CIRCIA fact sheet can be viewed here. CIRCIA requires CISA to develop and implement regulations that will require specified covered entities (a broad range of critical infrastructure) to report covered cyber incidents and ransom payments to CISA. As described by CISA: “…the information we receive pursuant to CIRCIA will help us fill critical information gaps that will inform the guidance we share with the entire community, ultimately better defending the nation against cyber threats.”

CISA is required to formally institute a rulemaking process under CIRCIA within 24 months of its enactment. However, prior to engaging in its formal rulemaking process, CISA is seeking input from a wide range of critical infrastructure stakeholders to better inform its rulemaking process.

CISA summarizes the input it is soliciting from stakeholders as follows:

While CISA welcomes input on other aspects of CIRCIA's regulatory requirements, CISA is particularly interested in input on definitions for and interpretations of the terminology to be used in the proposed regulations; the form, manner, content, and procedures for submission of reports required under CIRCIA; information regarding other incident reporting requirements including the requirement to report a description of the vulnerabilities exploited; and other policies and procedures, such as enforcement procedures and information protection policies, that will be required for implementation of the regulations.

Complete information on the Request for Information, and more specific details on the types of information sought by CISA, can be found here.

CISA will be hosting a number of listening sessions seeking input from stakeholders (information can be found here). DHS is also leading a Cyber Incident Reporting Council to identify ways to harmonize existing federal cyber incident reporting. This work is anticipated to inform the CIRCIA rulemaking process.

Questions about the process may be sent to CISA at: CIRCIA@cisa.dhs.gov. Additional information about CIRCIA, the RFI, and the listening sessions (including dates, locations, and registration information) can be found here.

Stay tuned to eNews and Advocacy News for relevant updates about this rulemaking process, as well as any comments submitted by CSDA.

