{"id":241156,"date":"2026-07-07T16:23:00","date_gmt":"2026-07-07T20:23:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/07\/circia-other-big-cyber-rules-expected-to-get-finalized-this-fall\/"},"modified":"2026-07-07T17:05:12","modified_gmt":"2026-07-07T21:05:12","slug":"circia-other-big-cyber-rules-expected-to-get-finalized-this-fall","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/07\/07\/circia-other-big-cyber-rules-expected-to-get-finalized-this-fall\/","title":{"rendered":"CIRCIA, other big cyber rules expected to get finalized this fall"},"content":{"rendered":"<p><a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/07\/circia-other-big-cyber-rules-expected-to-get-finalized-this-fall\/\">CIRCIA, other big cyber rules expected to get finalized this fall<\/a><\/p>\n<p><a href=\"https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/07\/circia-other-big-cyber-rules-expected-to-get-finalized-this-fall\/\">https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/07\/circia-other-big-cyber-rules-expected-to-get-finalized-this-fall\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-07 16:23:00<\/a><\/p>\n<p>Source Domain: <a href=\"federalnewsnetwork.com\">federalnewsnetwork.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>                    CISA&#8217;s long-awaited cyber incident reporting rules are among several cybersecurity regulations that are expected to move forward in the coming months.<\/p>\n<p>        Justin Doubleday@jdoubledayWFED<\/p>\n<p>                July 7, 2026 4:22 pm<br \/>\n            3 min read        <\/p>\n<p>                    September will be an exciting month for fans of federal cybersecurity rules, if the latest preview of government regulatory actions is to be believed.<br \/>\nThat\u2019s because at least three major cybersecurity regulations are expected to be finalized in September, according to the 2026 \u201cUnified Agenda of Federal Regulatory and Deregulatory Actions.\u201d The preview was just updated last week.<br \/>\nIt shows that the Cybersecurity and Infrastructure Security Agency expects to issue a final rule for the Cyber Incident Reporting for Critical Infrastructure Act in September 2026. Earlier this summer, CISA held a series of townhalls to get some final feedback on the regulations.<br \/>\nOnce the final rule is published and goes into effect, it will represent one of the most far-reaching U.S. cyber regulations ever implemented. The rules will apply across 16 critical infrastructure sectors, ranging from electric utilities and water systems to hospitals and chemical facilities. Under the regulations, covered entities will have to report cyber incidents to CISA within 72 hours and ransomware payments within 24 hours.]]><\/p>\n<p>Congress passed CIRCIA in 2022, but the final rule has been delayed due to concerns about the draft regulations CISA released in 2024. Those draft rules have been criticized for being overly broad, covering an estimated 300,000 entities, and for being ambiguous in how they define a cyber incident that requires reporting to CISA.<br \/>\nSome lawmakers and industry groups have also been critical of how the draft CIRCIA rules would conflict with existing incident reporting regulations.<br \/>\nMeanwhile, the Unified Agenda also shows that a federal contracting rule that standardizes cybersecurity requirements for unclassified IT systems will also be finalized in September 2026.<br \/>\nThe rule \u201cwill ensure federal information systems are better positioned to protect from cybersecurity threats by standardizing common cybersecurity contractual requirements across agencies for unclassified federal information systems,\u201d according to the regulatory preview.<br \/>\nAnd another federal contracting rule on \u201ccyber threat and incident reporting and information sharing\u201d is also projected to be finalized in September, the Unified Agenda shows.<br \/>\nBoth the CUI rule and the incident reporting rule have been long anticipated, with proposed rules dating back to 2023. They each represent landmark rules for the government contracting community, which is also grappling with the roll out of the Defense Department\u2019s Cybersecurity Maturity Model Certification (CMMC) requirements.<br \/>\nThe CMMC regulations went into effect late last year, but DoD has been slowly ramping up the requirements for third-party audits. This November, however, the requirement for a third-party CMMC assessment is expected to become standard in all applicable contracts.]]><\/p>\n<p>DoD also expects to shortly issue more details on how the cybersecurity standards that underpin CMMC will be updated.<br \/>\nThe Unified Agenda shows that this month, DoD will adopt an interim final rule for the CMMC program that details the deadline for shifting to the National Institute of Standards and Technology Special Publication 800-171 Revision 3. Currently, CMMC assessments are tied to Revision 2 of the NIST standards.<br \/>\n\u201cSignificant changes between these two documents include added specificity in the security requirements and introduction of organization-defined parameters (ODP) in select security requirements,\u201d the regulatory preview states.<br \/>\nFinally, DoD also expects to issue a Notice of Proposed Rulemaking in August that updates the Defense Federal Acquisition Regulation Supplement clause, \u201cSafeguarding Covered Defense Information and Cyber Incident Reporting.\u201d That clause requires defense contractors to safeguard sensitive data in line with NIST standards, while CMMC is the verification requirements built on top of the DFARS clause.<br \/>\nThe update in August will incorporate new advanced cybersecurity standards for especially sensitive information, as well as \u201charmonization of certain terminology, addressing international agreements, and streamlining the vendor identification process,\u201d according to the regulatory agenda.<br \/>\n                    Copyright<br \/>\n                            \u00a9\u00a02026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CIRCIA, other big cyber rules expected to get finalized this fall https:\/\/federalnewsnetwork.com\/cybersecurity\/2026\/07\/circia-other-big-cyber-rules-expected-to-get-finalized-this-fall\/ Publish Date: 2026-07-07&#8230;<\/p>\n","protected":false},"author":1,"featured_media":241157,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/federalnewsnetwork.com\/wp-content\/uploads\/2024\/01\/CISA-agency.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-241156","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241156"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=241156"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241156\/revisions"}],"predecessor-version":[{"id":241158,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241156\/revisions\/241158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/241157"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=241156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=241156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=241156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}