
Publication date: April 9, 2024

CISA Releases Draft Rule for Cyber Incident Reporting 


Written by Angela Polania

Angela Polania, CPA, CISM, CISA, CRISC, HITRUST, CMMC RP. Angela is the Managing Principal at Elevate and board member, and treasurer at the CIO Council of South Florida.

In March 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation aims to enhance America’s cybersecurity by requiring covered entities to report critical cyber incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA).  

Under these rules, companies are required to report cyber security incidents within 72 hours. The rules also cover ransom payments, which must be reported within 24 hours. By providing strict guidelines on identifying, addressing and reporting cyber security incidents, these rules can significantly prevent disruptions to essential services and infrastructure.


Purpose of Regulation 

The main purpose of CIRCIA is to help protect national security, economic security, and public health and safety from cyber security threats. It also helps promote a more transparent posture from covered entities when reporting cybersecurity incidents. It requires them to report incidents in a timely manner, which helps strengthen collaboration between entities and CISA.

1. Cyber Incident Reporting Requirements  

Under CIRCIA, organizations falling within the 16 critical infrastructure sectors must promptly report cyber incidents to CISA. The reporting window is 72 hours from the time the entity reasonably believes the incident occurred. This swift reporting enables CISA to coordinate a response, ensure threat mitigation, and identify and address cyber threats to the public.

2. Federal Cyber Incident Report Sharing 

While mandatory reporting isn’t yet in effect, CISA encourages all entities to voluntarily share information about cyber incidents. Swift sharing assists CISA in providing timely assistance and issuing warnings to prevent loss from a cyber security incident. Organizations can report unusual cyber activity via cisa.gov/report. 

3. Cyber Incident Reporting Council 

The Cyber Incident Reporting Council (CIRC) plays a crucial role in implementing CIRCIA. It is authorized by Congress and consists of several federal agencies whose mandate is to coordinate and develop existing and future cyber incident reporting requirements and to ensure consistent alignment between federal entities and agencies on reporting practices.


CIRCIA encourages a more organized and rapid response to reporting incidents and provides a key foundation for cybersecurity resilience by fostering a transparent and collaborative posture against cyber security threats. 
