CISA Issues Request for Information for Cyber Incident Reporting Rulemaking
Colleges and universities are not subject to the law requiring cyber incident reporting to the Cybersecurity and Infrastructure Security Agency (CISA). However, details of the agency's regulatory process, starting with its recent request for information, are worth noting, given their general implications for federal policy on cyber incident reporting.