Federal incident report sharing: Any federal entity receiving a report on a cyber incident after the effective date of the final rule must share that report with CISA within 24 hours. CIRCIA regulates “covered entities,” which are public and private organizations within industry sectors considered to be “critical infrastructure” as defined in Presidential Policy Directive 21. The National Credit Union Association has also proposed a rule requiring federally insured credit unions to notify the NCUA within 72 hours of discovering a substantial cyber incident. Train an incident response teamOrganizations should also ensure their incident response team is briefed on the CIRCIA reporting requirements. Building an awareness of the CIRCIA reporting requirements across departments will give organizations the best opportunity to be compliant with these new processes.

Source: New York Times March 07, 2023 21:39 UTC