← Back to regulations
Regulation
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act)
Pub. L. 117-103, Division Y
Cybersecurity
Jurisdiction
United States
Date
Mar 15, 2022
Status
Enacted
Source
legaldatahunter
Legislative Body
United States Congress
Enacted
Mar 15, 2022
Type
legislation
Relevance
86%
Summary
Requires critical infrastructure entities to report substantial cyber incidents to CISA within 72 hours and ransomware payments within 24 hours. CISA is directed to establish implementing regulations, create a centralized incident reporting system, and share anonymized threat intelligence with the private sector.