{"id":230886,"date":"2026-06-12T17:13:00","date_gmt":"2026-06-12T21:13:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/12\/cisa-revives-push-toward-long-awaited-cyber-incident-reporting-rules\/"},"modified":"2026-06-12T17:20:08","modified_gmt":"2026-06-12T21:20:08","slug":"cisa-revives-push-toward-long-awaited-cyber-incident-reporting-rules","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/12\/cisa-revives-push-toward-long-awaited-cyber-incident-reporting-rules\/","title":{"rendered":"CISA revives push toward long-awaited cyber incident reporting rules"},"content":{"rendered":"<p><a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/06\/cisa-revives-push-toward-long-awaited-cyber-incident-reporting-rules\/\">CISA revives push toward long-awaited cyber incident reporting rules<\/a><\/p>\n<p><a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/06\/cisa-revives-push-toward-long-awaited-cyber-incident-reporting-rules\/\">https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/06\/cisa-revives-push-toward-long-awaited-cyber-incident-reporting-rules\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-12 17:13:00<\/a><\/p>\n<p>Source Domain: <a href=\"federalnewsnetwork.com\">federalnewsnetwork.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                    The Cybersecurity and Infrastructure Security Agency is restarting public engagements on delayed cyber incident reporting rules that will likely cover tens of thousands of critical infrastructure organizations.<br \/>\nThe meetings come as CISA faces pressure to issue the final regulations quickly, while some lawmakers and industry groups also want the agency to amend the draft rules to be less broad and burdensome.<br \/>\nStarting Monday, CISA will host a series of virtual town halls to get feedback on the draft regulations to implement the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The meetings will run through Wednesday.<br \/>\nCISA had initially planned to host the meetings this spring, but they were delayed due to the partial government shutdown.]]><\/p>\n<p>During a keynote address at a June 9 conference hosted by Axonius in Washington, acting CISA Director Nick Andersen said CIRCIA reporting will be part of a \u201cnationwide shift\u201d in how government measures cyber risks and threats.<br \/>\n\u201cWe need your substantive feedback to be able to make that as good as it can be,\u201d Andersen said.<br \/>\nThe reporting rules will apply across 16 critical infrastructure sectors, ranging from electric utilities and water systems to hospitals and chemical facilities. Under the regulations, covered entities will have to report cyber incidents to CISA within 72 hours and ransomware payments within 24 hours.<br \/>\nCongress passed the law in reaction to escalating cyber attacks targeting critical infrastructure, most notably the 2021 Colonial Pipeline ransomware incident.\u00a0<br \/>\nCISA says the incident reports will allow it to \u201crapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims.\u201d<br \/>\nBut 2024 draft CIRCIA regulations issued under the Biden administration have received pushback for being overly broad, covering an estimated 300,000 entities, and ambiguous in how they define a cyber incident that requires reporting to CISA.<br \/>\nThe rules have also been criticized for conflicting with dozens of sector-specific cyber reporting regulations. Officials have said CISA will establish information-sharing agreements with other agencies to reduce overlap, but there have been few details regarding progress on those agreements.]]><\/p>\n<p>Last year, the Trump administration stalled implementation of the rules to get additional feedback.<br \/>\nDuring a June 10 event hosted by the Homeland Security Defense Forum in Washington, House Homeland Security Committee Chairman Andrew Garbarino (R-N.Y.) said he was glad the administration ultimately delayed CIRCIA. He called the draft rules \u201cnot good.\u201d<br \/>\n\u201cWe were so happy to get done and then all of a sudden, it\u2019s not what we what we intended,\u201d Garbarino said. \u201cSo making sure that it is what we intended \u2026 because there were so many reporting regulations out there. We wanted this to be the one, not just one another one. So getting it done right is very important to me.\u201d<br \/>\nBut other lawmakers are pressing CISA to quickly finalize the rule.<br \/>\nIn their report on the fiscal 2027 homeland security spending bill, lawmakers on the GOP-led House Appropriations Committee wrote that the panel is \u201cconcerned about delays in publishing the final CIRCIA rule and urged CISA to finalize it promptly following stakeholder review and feedback.\u201d<br \/>\nThe report directs CISA to brief the committee on its CIRCIA plans as part of quarterly budget and staffing briefings.<br \/>\nIn response to a question from a reporter following his keynote at Axonius, Andersen said he doesn\u2019t have a specific deadline in mind for finalizing CIRCIA.<br \/>\n\u201cI don\u2019t want to presuppose the amount and the types of comments that we\u2019re going to get coming out of the town halls,\u201d Andersen said. \u201cWe could have a lot of comments that come to us and really radically change our way of thinking about what the need is here, but our focus is just on what\u2019s the original congressional intent behind CIRCIA. What is the greatest need that we\u2019re going to be able to serve, and how it\u2019s going to be able to further the mission that we have for the nation, but right now, I don\u2019t have a particular date to give you for finalization.\u201d<br \/>\nThe regulations are the first that CISA has developed. The cyber agency, created in 2018, has primarily relied on voluntary partnerships with the private sector.]]><\/p>\n<p>Another key question is how readily and effectively CISA will be able to process numerous cyber incident reports from across sectors.<br \/>\nCISA\u2019s fiscal 2027 budget request details how the agency is creating an \u201cunclassified ticketing system with role-based access controls\u201d to help manage CIRCIA. The system will allow for \u201cintegration with other tools in a unified ecosystem, preparing CISA to securely receive, aggregate, analyze, enrich, and share information from reports,\u201d the budget request states.<br \/>\nCISA is also creating a new \u201cfront-facing web portal\u201d for entities to submit CIRCIA reports, according to the budget request.<br \/>\n                    Copyright<br \/>\n                            \u00a9\u00a02026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA revives push toward long-awaited cyber incident reporting rules https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/06\/cisa-revives-push-toward-long-awaited-cyber-incident-reporting-rules\/ Publish Date: 2026-06-12 17:13:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":230887,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2024\/03\/cybersecurity-scaled.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-230886","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230886"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=230886"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230886\/revisions"}],"predecessor-version":[{"id":230888,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/230886\/revisions\/230888"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/230887"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=230886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=230886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=230886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}