If you’ve been paying attention to the recent $800 million Ukrainian relief package, you may have noticed that it included a long-held-up piece of US cybersecurity legislation: the bipartisan Cyber Incident Reporting Act.
What this means for you…
- More than 100,000 companies are covered by this bill, including all those in the defense industrial base
- The new law allows CISA to subpoena companies that fail to report cybersecurity incidents or ransomware payments
- Failures to comply can be referred to the Department of Justice for investigation and penalties
- Whistleblowers have a direct email link
- This is a NIST/CMMC requirement
We have developed both an Incident Response Plan and an Incident Response Policy and Procedure as part of our NIST/CMMC offering.