Cyber attorney Brown: CISA should harmonize data elements required under upcoming mandatory reporting regime

The Cybersecurity and Infrastructure Security Agency should better harmonize the required data elements under its critical infrastructure incident reporting rule to reduce the compliance burden on covered entities, according to Wiley Rein partner Megan Brown.

The agency published a 447-page NPRM on April 4 to fulfill a requirement in the 2022 Cyber Incident Reporting for Critical Infrastructure Act. The expansive NPRM provides definitions for key terms, how to determine applicability, a proposal for establishing agreements between CISA and other...