CISA Proposes Subpoena Authority for Cyber Reporting Compliance
The Cybersecurity and Infrastructure Security Agency on Wednesday proposed using subpoena authority to ensure companies are complying with cyber incident reporting mandates. CISA issued an NPRM laying out rules for requirements under the 2022 Cyber Incident Reporting for Critical Infrastructure Act (see 2211290071). CISA proposed referring noncompliant entities to DOJ for civil penalties if they fail to produce requested information on incidents. The NPRM is scheduled for Federal Register publication April 4. Comments are due June 3.