Congress Agrees – 72 Hour Cyber Incident Reporting Requirement to Take Effect
Data Protection Report
MARCH 16, 2022
The Act will require a “covered entity” to report any “substantial cyber incident” to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours after the covered entity reasonably believes the incident has occurred. Reporting Requirements. CISA will then coordinate further sharing of the report. Work to be Done .
Let's personalize your content