{"id":187264,"date":"2026-02-13T13:39:00","date_gmt":"2026-02-13T18:39:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/13\/cisa-reopens-comment-opportunity-on-cyber-incident-reporting-requirements-wiley\/"},"modified":"2026-02-14T01:50:26","modified_gmt":"2026-02-14T06:50:26","slug":"cisa-reopens-comment-opportunity-on-cyber-incident-reporting-requirements-wiley","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/13\/cisa-reopens-comment-opportunity-on-cyber-incident-reporting-requirements-wiley\/","title":{"rendered":"CISA Reopens Comment Opportunity on Cyber Incident Reporting Requirements: Wiley"},"content":{"rendered":"<p><a href=\"https:\/\/www.wiley.law\/alert-CISA-Reopens-Comment-Opportunity-on-Cyber-Incident-Reporting-Requirements\">CISA Reopens Comment Opportunity on Cyber Incident Reporting Requirements: Wiley<\/a><\/p>\n<p><a href=\"https:\/\/www.wiley.law\/alert-CISA-Reopens-Comment-Opportunity-on-Cyber-Incident-Reporting-Requirements\">https:\/\/www.wiley.law\/alert-CISA-Reopens-Comment-Opportunity-on-Cyber-Incident-Reporting-Requirements<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-13 13:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.wiley.law\">www.wiley.law<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. The U.S. Department of Homeland Security\u2019s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is working to finalize a rule that would require large segments of industry to rapidly report to the government when they become victims of cybersecurity incidents. As we noted in March 2024, Congress mandated CISA\u2019s proposed new cyber incident reporting framework under the Cybersecurity Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Signed into law on March 15, 2022, CIRCIA directed CISA to (1) issue a Notice of Proposed Rulemaking (NPRM) by March 15, 2024, and (2) issue a final rule within 18 months of publication of the NPRM (i.e., fall 2025). In response to significant public and industry pushback against its broad NPRM, CISA is now taking additional time to develop the final rule.<br \/>\nDuring the proceeding, commenters expressed significant concerns about the number and scope of companies that would be covered, a definition of reportable cyber incident that would flood CISA with low-impact reporting, the lack of substantial steps proposed to harmonize CIRCIA requirements with other cybersecurity regulatory requirements, and expansive proposed reporting requirements that would gather sensitive information from victim companies.<br \/>\nCISA Will Hold Sector-Focused \u201cTown Halls\u201d<br \/>\nCISA announced in a Federal Register notice on February 13, 2026 that it will host a series of virtual \u201ctown hall\u201d meetings between March 9 and April 2, 2026 to obtain additional feedback on the CIRCIA rulemaking. Each of the town halls combine several critical infrastructure sectors together with the exception of a general session.<\/p>\n<p>Chemical Sector; Water and Wastewater Sector; Dams Sector; Energy Sector; and Nuclear Reactors, Materials, and Waste Sector \u2013 March 9, 2026<br \/>\nCommercial Facilities Sector; Critical Manufacturing Sector; and Food and Agriculture Sector \u2013 March 12, 2026<br \/>\nEmergency Services Sector, Government Facilities Sector, Healthcare and Public Health Sector \u2013 March 17, 2026<br \/>\nCommunications Sector; Transportation Systems Sector; and Financial Services Sector \u2013 March 18, 2026<br \/>\nDefense Industrial Base Sector and Information Technology Sector \u2013 March 19, 2026<br \/>\nGeneral session 1 (i.e., not focused on a particular sector) \u2013 March 31, 2026, and general session 2 \u2013 April 2, 2026.<\/p>\n<p>Interested parties should register via CISA.gov to participate in the meetings. CISA has announced that the purpose of the town hall meetings is \u201cto solicit input on the NPRM,\u201d and that CISA will be unable to share deliberative information about the rulemaking nor commit to particular policy outcomes. As a result, attendees should not expect to hear new substantive information from the agency about the forthcoming rule \u2013 rather, the town halls are an additional opportunity for potentially impacted stakeholders to provide feedback to CISA. CISA had previously announced via a regulatory filing with the Office of Management and Budget that the agency intended to finalize the CIRCIA rule by May 2026. That date is likely to slip later to accommodate what we expect to be substantive feedback from stakeholders through these town halls.<br \/>\nIndustry Should Consider Identifying \u201cSpecific, Actionable\u201d Improvements to the NPRM<br \/>\nCISA\u2019s announcement frames the agency\u2019s questions in terms of the impact of the NPRM on regulated entities and improvements to increase the benefit to critical infrastructure entities. Specifically, CISA seeks \u201cspecific and actionable\u201d improvements to the NPRM, including:<\/p>\n<p>Potential modifications to, or elimination of, the size-based criteria for defining a \u201ccovered entity\u201d that would have to report incidents;<br \/>\nExamples of cybersecurity incidents that should not qualify as \u201csubstantial\u201d incidents that would be required to be reported to CISA under the NPRM;<br \/>\nProposed interpretations of how CISA could find another agency\u2019s reporting requirement to be \u201csubstantially similar\u201d and allow CISA to accept that agency\u2019s report in lieu of a CIRCIA report (in turn reducing reporting burdens on the affected company);<br \/>\nImprovements to the content of required reports; and<br \/>\nSpecific &#8220;covered entity&#8221; definition criteria addressing open-source code, software, or code repositories.<\/p>\n<p>In addition to the town hall series, CISA will accept written materials or data into the record for town hall meeting no later than seven (7) calendar days after that meeting. While CISA\u2019s announcement says that the agency is not reopening the comment period on the NPRM at this time, the town halls offer interested stakeholders an important opportunity to educate the agency on the potential impacts of the CIRCIA rule.<br \/>\n***<br \/>\nWiley\u2019s\u00a0Privacy, Cyber &#038; Data Governance\u00a0team has helped companies of all sizes from various sectors proactively address risks and compliance with new cybersecurity laws and requirements. Our team has been actively involved in advocacy to CISA on these new rules. Please reach out to any of the authors with questions.\u00a0<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA Reopens Comment Opportunity on Cyber Incident Reporting Requirements: Wiley https:\/\/www.wiley.law\/alert-CISA-Reopens-Comment-Opportunity-on-Cyber-Incident-Reporting-Requirements Publish Date: 2026-02-13 13:39:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":187265,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.wiley.law\/i-t1771022538\/logo-og.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-187264","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187264"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=187264"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187264\/revisions"}],"predecessor-version":[{"id":187266,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187264\/revisions\/187266"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/187265"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=187264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=187264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=187264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}