In March 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), requiring critical infrastructure to report significant cyber incidents and ransomware payments to CISA within tight time frames under rules to be developed. CISA has now signaled what its reporting priorities are. Wiley identifies what triggers a reporting obligation, where the agency stands in promulgating rules, what types of activity to share, who should share, how to share, and whom to contact.
Source:
