View Rule
| View EO 12866 Meetings | Printer-Friendly Version Download RIN Data in XML |
| DHS/CISA | RIN: 1670-AA04 | Publication ID: 2026 |
| Title: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements | |
|
Abstract:
The Cybersecurity and Infrastructure Security Agency (CISA) will finalize regulations to implement certain aspects of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Specifically, CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding covered cyber incidents and ransom payments. CISA published the NPRM on April 4, 2024. CISA received significant public comments on the proposed rule, many of which emphasized the need to reduce the scope and burden of the proposed reporting requirements, improve harmonization of CIRCIA with other federal cyber incident reporting requirements, and clarify terms. CISA is considering the public comments and examining options for the rulemaking. Additional information about this rulemaking is available at www.cisa.gov/circia. |
|
| Agency: Department of Homeland Security(DHS) | Priority: Other Significant |
| RIN Status: Previously published in the Unified Agenda | Agenda Stage of Rulemaking: Final Rule Stage |
| Major: Yes | Unfunded Mandates: No |
| EO 14192 Designation: Fully or Partially Exempt | |
| CFR Citation: 6 CFR 226 | |
| Legal Authority: 6 U.S.C. 681 et seq. | |
Legal Deadline:
|
|||||||||||||||||||||
|
Statement of Need: Congress directed CISA to promulgate regulations requiring covered entities to report covered cyber incidents and ransom payments to CISA. |
|||||||||||||||||||||
|
Summary of the Legal Basis: This regulation is statutorily mandated by 6 U.S.C. 681 et seq. |
|||||||||||||||||||||
|
Anticipated Costs and Benefits: CISA is continuing to assess the anticipated costs and benefits of the final rule. |
|||||||||||||||||||||
Timetable:
|
| Regulatory Flexibility Analysis Required: YES | Government Levels Affected: Local, State, Tribal |
| Small Entities Affected: Businesses, Governmental Jurisdictions, Organizations | Federalism: No |
| Included in the Regulatory Plan: Yes | |
| RIN Information URL: https://www.regulations.gov | Public Comment URL: https://www.regulations.gov |
| RIN Data Printed in the FR: Yes | |
|
Agency Contact: Todd Klessman CIRCIA Rulemaking Team Lead Department of Homeland Security Cybersecurity and Infrastructure Security Agency CISA - WB2 Stop 0612, 4200 Wilson Blvd., Arlington, VA 20598-0612 Phone:202 964-6869 Email: circia@cisa.dhs.gov |
|
An official website of the United States government




