The Cybersecurity and Infrastructure Security Agency (CISA) plans to host a public listening session in Washington, D.C. on Oct. 19 to get input on forthcoming proposed regulations to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
CIRCIA – signed into law by President Biden on March 2022 – requires CISA to develop and implement regulations requiring covered entities to report cyber incidents and ransomware payments to the government.
The Oct. 19 session will allow interested parties to provide feedback to the agency on how it writes the regulations that implement the law. On Sept. 12 CISA published a notice in the Federal Register intended to serve as an additional means for interested parties to provide input to CISA.
Several public listening sessions are scheduled for the remainder of the year at several locations throughout the United States.
“[The] public input from our critical infrastructure partners will help us understand how we can implement the new cyber incident reporting legislation in the most effective way possible to protect the nation’s critical infrastructure,” the agency said on its site.
CISA is particularly interested in input on definitions for, and interpretations of, the terminology to be used in the proposed regulations, as well as the form, manner, content, and procedures for submission of reports required under CIRCIA.
In addition, CISA is also interested in information regarding other incident reporting requirements and other policies and procedures, such as enforcement procedures and information protection policies, required for the implementation of regulations.