CISA: Cyber Incident Reporting

On April 4, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking to implement cyber incident and ransom payment reporting requirements adopted in the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which requires covered entities to report cyber incidents within 72 hours after the covered entity reasonably believes that the covered cyber incident has occurred and ransom payments made in response to a ransomware attack within 24 hours after the ransom payment has been made.

Already a member? Log in

Members Get More

This page contains member-only content.

Membership is open to all federally insured credit unions in the United States, both federally and state-chartered. Members enjoy:

  • Hundreds of articles and resources
  • Personalized compliance assistance
  • Discounts on top-rated education opportunities
  • Member-only benefits and savings

Interested? Schedule a Customized Membership Webinar

If you are already logged in and believe you should have access to member-only content, please contact us for assistance at