CIRCIA Rulemaking Team Lead

1670-AA04 202504 Unified Agenda of Federal Regulatory and Deregulatory Actions 1670 Cybersecurity and Infrastructure Security Agency CISA 1600 Department of Homeland Security DHS Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements

The Cybersecurity and Infrastructure Security Agency (CISA) will finalize regulations to implement certain aspects of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Specifically, CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding covered cyber incidents and ransom payments. CIRCIA requires CISA to publish a Notice of Proposed Rulemaking (NPRM) within 24 months of the date of enactment of CIRCIA as part of the process for developing these regulations. CISA published the NPRM on April 4, 2024

]]> Economically Significant Previously Published in The Unified Agenda Final Rule Stage Yes No Fully or Partially Exempt 6 CFR 226 6 U.S.C. 681 et seq. Statutory Final 10/04/2025 Final Rule Statutory NPRM 03/15/2024 Notice of Proposed Rulemaking Yes NPRM 04/04/2024 89 FR 23644 NPRM Comment Period Extended 05/06/2024 89 FR 37141 NPRM Correction 06/03/2024 89 FR 47471 NPRM Comment Period End 06/03/2024 NPRM Comment Period Extended End 07/03/2024 Final Rule 05/00/2026 Undetermined Undetermined No https://www.regulations.gov https://www.regulations.gov No No Todd Klessman CIRCIA Rulemaking Team Lead 1670 Cybersecurity and Infrastructure Security Agency CISA 202 964-6869 circia@cisa.dhs.gov CISA - CHR Mailstop 0609, 1310 N Courthouse Road, Arlington VA 20598-0609