Despite being crucial in bolstering cyber awareness, the Cybersecurity and Infrastructure Security Agency's cyber incident reporting draft rule — which would mandate critical infrastructure entities to make cyber incident and ransomware disclosures within a 72- and 24-hour period, respectively — has been regarded by trade groups and lawmakers to increase burdens not only on smaller organizations but also CISA itself, CyberScoop reports.
Article Link: New CISA incident reporting draft rule deemed excessive | SC Media