f11photo | Shutterstock

The House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022, which notably excluded any cybersecurity incident reporting requirements. In September, the House approved a previous version of the bill that included a mandatory breach notification provision that would have required CISA to develop and establish standards, procedures and timelines for critical infrastructure owners and operators to report cybersecurity incidents, including a requirement to report such incident as early as 72 hours after confirming such cybersecurity incident. Such a requirement would have been a broad expansion of the government’s involvement in cybersecurity for the private sector.

Source: