CISA releases proposal on cyber reporting standards

March 28, 2024

The Cybersecurity and Infrastructure Security Agency published for public inspection its pending proposed rule that would require covered entities to report to CISA on covered cyber incidents and ransom payments.

Details: The proposal would establish rules on cyber incident and ransom payment reporting under the Cyber Incident Reporting for Critical Infrastructure Act of 2022. That law requires critical infrastructure owners, including financial institutions, to report substantial cyberattacks to CISA within 72 hours and ransomware payments within 24 hours.

ICBA Advocacy: As advocated by ICBA, the law directs CISA to rapidly share information on cyber threats, harmonize regulations to avoid duplicative reporting requirements, and include trade associations in its rulemaking outreach, among other ICBA priorities.

Interested in discussing this and other topics? Network with and learn from your peers with the app designed for community bankers. Join the conversation with ICBA Community.

NewsWatch Today Contacts

Thomas Warren

Vice President, Communications

Nicole Swann

Vice President, Communications

CISA releases proposal on cyber reporting standards

NewsWatch Today Contacts

Related News

Agencies issue fact sheet on ‘Volt Typhoon’ risks

Agencies disrupt LockBit ransomware group

Agencies issue guidance on using AI securely

CISA issues emergency directive on Ivanti vulnerabilities