View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

DHS/CISA RIN: 1670-AA04 Publication ID: Spring 2024 
Title: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements 
Abstract:

The Cybersecurity and Infrastructure Security Agency (CISA) will finalize regulations to implement certain aspects of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).  Specifically, CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding covered cyber incidents and ransom payments.  CIRCIA requires CISA to publish a Notice of Proposed Rulemaking (NPRM) within 24 months of the date of enactment of CIRCIA as part of the process for developing these regulations.  CISA previously issued a Request for Information on September 12, 2022, and held a series of listening sessions seeking public input on potential aspects of the proposed regulation prior to publication of the NPRM. On April 4, 2024, CISA published the NPRM with a 60-day open comment period to solicit public feedback on the proposed regulations. On May 6, 2024, CISA extended the public comment period for an additional 30 days ending the comment period on July 3, 2024.

 
Agency: Department of Homeland Security(DHS)  Priority: Section 3(f)(1) Significant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Proposed Rule Stage 
Major: Yes  Unfunded Mandates: No 
CFR Citation: 6 CFR 226   
Legal Authority: 6 U.S.C. 681 et seq.   
Legal Deadline:
Action Source Description Date
NPRM  Statutory  Notice of Proposed Rulemaking  03/15/2024 
Final  Statutory  Final Rule  10/04/2025 
Timetable:
Action Date FR Cite
NPRM  04/04/2024  89 FR 23644   
NPRM Comment Period Extended  05/06/2024  89 FR 37141   
NPRM Correction  06/03/2024  89 FR 47471   
NPRM Comment Period End  06/03/2024 
NPRM Comment Period Extended End  07/03/2024 
Final Rule  10/00/2025 
Regulatory Flexibility Analysis Required: Undetermined  Government Levels Affected: Undetermined 
Federalism: No 
Included in the Regulatory Plan: No 
RIN Information URL: https://www.regulations.gov   Public Comment URL: https://www.regulations.gov  
RIN Data Printed in the FR: No 
Agency Contact:
Todd Klessman
CIRCIA Rulemaking Team Lead
Department of Homeland Security
Cybersecurity and Infrastructure Security Agency
CISA - CHR Mailstop 0609, 1310 N Courthouse Road,
Arlington, VA 20598-0609
Phone:202 964-6869
Email: circia@cisa.dhs.gov