{"id":188029,"date":"2026-02-16T03:33:00","date_gmt":"2026-02-16T08:33:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/16\/as-circia-implementation-advances-cisa-turns-to-industry-to-refine-reporting-thresholds-and-sector-criteria\/"},"modified":"2026-02-16T18:25:20","modified_gmt":"2026-02-16T23:25:20","slug":"as-circia-implementation-advances-cisa-turns-to-industry-to-refine-reporting-thresholds-and-sector-criteria","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/16\/as-circia-implementation-advances-cisa-turns-to-industry-to-refine-reporting-thresholds-and-sector-criteria\/","title":{"rendered":"As CIRCIA implementation advances, CISA turns to industry to refine reporting thresholds and sector criteria"},"content":{"rendered":"<p><a href=\"https:\/\/industrialcyber.co\/cisa\/as-circia-implementation-advances-cisa-turns-to-industry-to-refine-reporting-thresholds-and-sector-criteria\/\">As CIRCIA implementation advances, CISA turns to industry to refine reporting thresholds and sector criteria<\/a><\/p>\n<p><a href=\"https:\/\/industrialcyber.co\/cisa\/as-circia-implementation-advances-cisa-turns-to-industry-to-refine-reporting-thresholds-and-sector-criteria\/\">https:\/\/industrialcyber.co\/cisa\/as-circia-implementation-advances-cisa-turns-to-industry-to-refine-reporting-thresholds-and-sector-criteria\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-16 03:33:00<\/a><\/p>\n<p>Source Domain: <a href=\"industrialcyber.co\">industrialcyber.co<\/a><\/p>\n<p>The U.S. Cybersecurity and Infrastructure Security Agency announced a series of virtual town halls to gather stakeholder input on implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022. 
The sessions begin March 9, with the full schedule published in the Federal Register. The meetings are intended to inform the ongoing CIRCIA rulemaking process as the agency works to strengthen national cybersecurity while minimizing unnecessary compliance burdens on covered entities.<\/p>\n<p>As CIRCIA will likely affect various organizations, CISA is using the town halls to collect feedback on the Notice of Proposed Rulemaking (NPRM) in a structured setting that allows participation across critical infrastructure sectors while preserving a transparent public record. The agency said it will not reopen the formal comment period at this time but may reconsider if circumstances warrant.<\/p>\n<p>The notice announces a series of town hall meetings that will provide external stakeholders with a limited additional opportunity to comment on refining the scope and compliance burden of the CIRCIA Notice of Proposed Rulemaking (NPRM), which was published in the Federal Register on April 4, 2024. The proposed rule is intended to implement CIRCIA, as amended, by establishing reporting requirements for covered cyber incidents and ransom payments affecting covered entities.<\/p>\n<p>The town halls will be held virtually on the following dates. Sessions for the Chemical, Water and Wastewater, Dams, Energy, and Nuclear Reactors, Materials, and Waste sectors are scheduled for March 9, 2026. The Commercial Facilities, Critical Manufacturing, and Food and Agriculture sectors will meet on March 12, this year. The Emergency Services, Government Facilities, and Healthcare and Public Health sectors are scheduled for March 17. 
The Communications, Transportation Systems, and Financial Services sectors will meet on March 18, while the virtual meeting for the Defense Industrial Base and Information Technology sectors is scheduled for March 19.<\/p>\n<p>\u201cTown hall meetings are intended to provide stakeholders with the opportunity to directly share their feedback on the CIRCIA NPRM with CISA,\u201d Madhu Gottumukkala, acting CISA director, wrote in the Federal Register notice. \u201cCISA will not be able to share nonpublic or deliberative information about the CIRCIA rulemaking during meetings, nor will CISA be able to commit to resolving policy issues impacting or impacted by the rulemaking in a specific manner.\u201d<\/p>\n<p>\u201cImplementing CIRCIA will significantly enhance our ability to assist victims of cyber incidents, identify emerging threats, and rapidly share actionable information to protect others,\u201d Nick Andersen, CISA executive assistant director for cybersecurity, said in a media statement. \u201cStakeholder input is critical as we finalize this rule to strengthen our collective defense. CISA is committed to delivering a framework that appropriately balances its impact on improving our nation\u2019s cybersecurity posture with avoiding unnecessary burden to entities in critical infrastructure sectors.\u201d<\/p>\n<p>CISA also plans to hold two general virtual town hall meetings on March 31 and April 2. Each session is expected to last approximately two hours, with start and end times scheduled during core business hours in Eastern Time. Specific timing details will be posted online.<\/p>\n<p>The cybersecurity agency may extend, reschedule, or cancel any meeting for reasons including severe weather, a public health emergency, low registration, or any incident that affects the agency\u2019s ability to conduct the session as planned. 
Any changes to dates, format, or timing will be posted on the CIRCIA webpage and communicated by email to registered participants.<\/p>\n<p>Enacted in March 2022, CIRCIA is a U.S. law that will help the government quickly respond to cyber threats and share information to protect critical infrastructure. Once the final rule is implemented, covered organizations will be required to report certain cyber incidents to CISA within 72 hours and ransom payments within 24 hours.<\/p>\n<p>Last September, CISA announced that it was set to finalize regulations to implement certain aspects of CIRCIA by May 2026. The agency will consider streamlining the CIRCIA rule and finding ways to deconflict with other cyber regulations. Specifically, CIRCIA directs CISA to develop and implement regulations requiring covered entities to submit reports to CISA regarding covered cyber incidents and ransom payments.<\/p>\n<p>During the town hall meetings, CISA welcomes any specific, actionable improvements that it could implement in the final rule to clarify or reduce the burden of CIRCIA\u2019s regulatory requirements while enhancing the federal government\u2019s visibility into the cyber threat landscape for critical infrastructure sectors. The most useful input would be examples of how the NPRM may impact regulated entities and specific improvements, including how such suggestions would increase the benefit of CIRCIA to critical infrastructure owners and operators.<\/p>\n<p>CISA is seeking input on the scope of entities that would qualify as covered entities solely under a size-based threshold and would not meet any sector-specific criteria, as well as on the proposed inclusion of that size-based criterion. 
The agency is also requesting feedback on the sector-based criteria outlined in the applicability section of the proposed rule and on possible alternative criteria for the Commercial Facilities, Dams, and Food and Agriculture sectors if the general size threshold is modified or removed.<\/p>\n<p>The agency is asking whether the Environmental Protection Agency\u2019s Risk Management Program should serve as alternative sector-based criteria for the Chemical Sector, given that the Chemical Facility Anti-Terrorism Standards program remains unauthorized. It is also seeking comment on its proposal to cover Oil and Natural Gas Subsector entities primarily through the size-based threshold rather than through criteria tailored specifically to that subsector, and whether that threshold would capture the appropriate population.<\/p>\n<p>CISA is further evaluating whether the final rule should include specific criteria for Managed Service Providers or Cloud Service Providers that use open-source software, or whether additional reporting requirements tied to open-source code, software, or repositories are warranted. The agency is also asking whether other existing lists of entities within critical infrastructure sectors should define covered entities, either instead of or in addition to the proposed applicability criteria.<\/p>\n<p>In addition, CISA is requesting feedback on its proposed examples of incidents that would or would not qualify as a substantial cyber incident, including whether those examples are accurate and whether other scenarios should be included. 
The agency is seeking input on its interpretations of what constitutes substantially similar information and substantially similar timeframes, as well as suggestions to improve report content and the proposed processes for requests for information and subpoenas.<\/p>\n<p>Finally, CISA is asking for recommendations on how to align CIRCIA\u2019s reporting requirements with existing federal, state, local, tribal, and territorial laws and policies that require cyber incident or ransom payment reporting, and how to reduce duplication or conflict across those regimes.<\/p>\n<p>Commenting on the move, Mary Gannon, senior OT incident response engineer at GuidePoint Security, wrote in an emailed statement to Industrial Cyber that the CIRCIA Incident Reporting Requirements for Critical Infrastructure provide the next step in handling incidents based on the increased importance of critical infrastructure cybersecurity. \u201cThese requirements will provide insights that have not existed previously, unless voluntarily shared by organizations.\u201d<\/p>\n<p>She noted that the sharing of incident data will help organizations identify incidents that their peers have experienced, as well as track possible threats that could be encountered based upon similarities within the reports.<\/p>\n<p>\u201cThe commentary surrounding ensuring that the data is anonymized when released publicly is a key component to these requirements, allowing organizations that report their incidents to have privacy, while also providing key information to their peers,\u201d Gannon added. 
\u201cPeers will then be able to proactively hunt for similar threats in their environments, and walk through the incidents in a tabletop format to increase their level of preparedness.\u201d<\/p>\n<p>She further pointed out that these requirements also provide definitions for a \u2018Cyber Incident,\u2019 \u2018Covered Cyber Incident,\u2019 and \u2018Substantial Cyber Incident,\u2019 which allows a consistent uniformity across sectors. Having a standard definition for these terms will help organizations understand when an event has reached the level of an incident.<\/p>\n<p>\t\t\t\t\tAnna Ribeiro\t\t\t\t<\/p>\n<p>\t\t\t\t\tIndustrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.\t\t\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As CIRCIA implementation advances, CISA turns to industry to refine reporting thresholds and sector criteria&#8230;<\/p>\n","protected":false},"author":1,"featured_media":188030,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/industrialcyber.co\/wp-content\/uploads\/2025\/05\/CISA-Advisory-left.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-188029","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188029"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comm
ents?post=188029"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188029\/revisions"}],"predecessor-version":[{"id":188031,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/188029\/revisions\/188031"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/188030"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=188029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=188029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=188029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}