CISA Breach Reporting Rule

 To find out if your organization is a covered entity under the Cybersecurity and Infrastructure Security Agency, I found a Fact Sheet that may help with that decision.


On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make ransom payments in relation to a cybersecurity incident. 

While the rule will inevitably change following the notice and comment period, the proposed rule represents the overall approach that CISA will take when it promulgates a final rule.

JD Supra includes the original full publication that was published by Law360 on May 8, 2024.


Source(s): JD Supra, received on May 14, 2024; CISA Covered Entity Fact Sheet, accessed on May 14, 2024.