Rule/Notice/NOFO: DHS Cyber Incident Reporting for Critical Infrastructure: Reporting Requirements

Federal Register/Notice: govinfo.gov

Type of Requirement: NPRM

Description: The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), as amended, requires the Cybersecurity and Infrastructure Security Agency (CISA) to promulgate regulations implementing the statute’s covered cyber incident and ransom payment reporting requirements for covered entities. CISA seeks comment on the proposed rule to implement CIRCIA’s requirements and on several practical and policy issues related to the implementation of these new reporting requirements.

How is it enforced by FTA, DOT, Direct grant requirement, triennial review or other? TBD

Is there a cost or time impact to grantees (best estimate):  TBD

APTA Comment/Letter:  Completed Comments

APTA Staff Advisor: Polly Hanson, phanson@apta.com

Return to table