Update on New Mandated Federal Cyber Policies

computer screen with CISA site open

On March 15, President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act. This Act mandates that private sector entities must inform the Cybersecurity and Infrastructure Security Agency (CISA) after suffering a data breach or make a ransom payment. The house passed the bipartisan legislation after failing to pass similar legislation in recent years, amid the growing concerns of retaliatory cyberattacks relating to Russia’s invasion of Ukraine.

The newly passed Act creates two new reporting mandates for business owners and operators of critical infrastructure:

    • Report certain cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) within 72 hours.
    • The obligation to report ransomware payments within 24 hours.

Now that new cyber policies are in place, businesses are advised to modify their cybersecurity defense tools, re-evaluate their internal policies to ensure their procedures reflect the Act’s requirements.

To learn more about how this may affect your business, read more of Law360’s article regarding the new Cybersecurity Incident Reporting for Critical Infrastructure Act here.

You May Also Like…

Request a Demo

AgileBlue is a software company with an innovative SOC-as-a-Service for 24X7 network monitoring, cloud security, data privacy and compliance.

Our modern SOC-as-a-Service is built on innovative machine learning and autonomous execution. If you would like to discuss our SOC-as-a-Service, Partner Program or schedule a brief demo please give us a little info and we will contact you immediately.