New CISA incident reporting draft rule deemed excessive

Despite being crucial in bolstering cyber awareness, the Cybersecurity and Infrastructure Security Agency's cyber incident reporting draft rule — which would mandate critical infrastructure entities to make cyber incident and ransomware disclosures within a 72- and 24-hour period, respectively — has been regarded by trade groups and lawmakers to increase burdens not only on smaller organizations but also CISA itself, CyberScoop reports.

agency awareness cisa critical critical infrastructure critical-infrastructure-security cyber cyber awareness cyber incident cybersecurity disclosures draft entities governance risk and compliance incident incident reporting infrastructure infrastructure security lawmakers ot security period ransomware reporting security trade