The Cybersecurity and Infrastructure Security Agency seeks public input on regulations that will set new mandatory cybersecurity reporting requirements for critical infrastructure companies. Open questions include the following:
- Who will be subject to the new requirements?
- What level of incident will trigger mandatory reporting?
- How much follow-up reporting will be required?
- What costs could potential regulations impose on private-sector companies?
The following Update provides details on the request for information, as well as the response deadline.