In an expert analysis published by Law360, Special Counsel Arianna Evers, Counsel Shannon Mercer and Associates Meredith Yates and Shervin Taheran share eight questions compliance personnel should ask about recent rules proposed by the Cybersecurity and Infrastructure Security Agency (CISA).
Excerpt: “On April 4, the Cybersecurity and Infrastructure Security Agency published a notice of proposed rulemaking setting out mandatory reporting requirements for covered entities that experience cybersecurity incidents or make ransom payments in relation to a cybersecurity incident. While the rule will inevitably change following the notice and comment period, the proposed rule represents the overall approach that CISA will take when it promulgates a final rule.
Complying with the new rule will take considerable preparation, and companies should begin planning for compliance now.”