44 min
CIRCIA Rulemaking: Double Incident Reporting for the DIB Sum IT Up: CMMC News Roundup
-
- Technology
Defense contractors have had cyber incident reporting obligations under DFARS clause 252.204-7012 for many years. Recently, however, CISA issued a 457-page proposed rule implementing the 2022 Cyber Incident Reporting for Critical Infrastructure Act. Unless CISA and DoD can reach an agreement, DIB contractors will have duplicative incident reporting obligations for two different agencies.
Episode Links:
CIRCIA Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements
Congressional Research Service Report (PDF): https://crsreports.congress.gov/product/pdf/R/R48025
How to submit effective comments: https://youtu.be/1T_62cYiUA4?si=sp91i_cXFGiyD7JW
Defense contractors have had cyber incident reporting obligations under DFARS clause 252.204-7012 for many years. Recently, however, CISA issued a 457-page proposed rule implementing the 2022 Cyber Incident Reporting for Critical Infrastructure Act. Unless CISA and DoD can reach an agreement, DIB contractors will have duplicative incident reporting obligations for two different agencies.
Episode Links:
CIRCIA Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements
Congressional Research Service Report (PDF): https://crsreports.congress.gov/product/pdf/R/R48025
How to submit effective comments: https://youtu.be/1T_62cYiUA4?si=sp91i_cXFGiyD7JW
44 min