View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

DHS/CISA RIN: 1670-AA04 Publication ID: Spring 2023 
Title: ●Cybersecurity Incident Reporting for Critical Infrastructure Act Regulations 

The Cybersecurity and Infrastructure Security Agency (CISA) will propose regulations to implement certain aspects of the Cybersecurity Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).  Specifically, CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding covered cyber incidents and ransom payments.  CIRCIA requires CISA to publish a Notice of Proposed Rulemaking (NPRM) within 24 months of the date of enactment of CIRCIA as part of the process for developing these regulations.  CISA previously issued a Request for Information on September 12, 2022, and held a series of listening sessions seeking public input on potential aspects of the proposed regulation prior to publication of the NPRM.

Agency: Department of Homeland Security(DHS)  Priority: Other Significant 
RIN Status: First time published in the Unified Agenda Agenda Stage of Rulemaking: Proposed Rule Stage 
Major: Undetermined  Unfunded Mandates: Undetermined 
CFR Citation: 6 CFR 26   
Legal Authority: 6 U.S.C. 681 et seq.   
Legal Deadline:
Action Source Description Date
NPRM  Statutory  Notice of Proposed Rulemaking  03/15/2024 
Final  Statutory  Final Rule  09/15/2025 
Action Date FR Cite
NPRM  03/00/2024 
Regulatory Flexibility Analysis Required: Undetermined  Government Levels Affected: Undetermined 
Federalism: Undetermined 
Included in the Regulatory Plan: No 
RIN Information URL:   Public Comment URL:  
RIN Data Printed in the FR: No 
Agency Contact:
Todd Klessman
CIRCIA Rulemaking Team Lead
Department of Homeland Security
Cybersecurity and Infrastructure Security Agency
CISA - CHR Mailstop 0609, 1310 N Courthouse Road,
Arlington, VA 20598-0609
Phone:202 964-6869