WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) today announced a revised schedule for a series of virtual town hall meetings to gather stakeholder input on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) rulemaking. Scheduled to begin June 15, these town hall meetings replace the town hall meetings previously scheduled for March and April 2026, but which CISA was not able to hold due to the recent Democrat shutdown of the Department of Homeland Security (DHS).
CISA remains committed to affording stakeholders the opportunity to provide additional input on the CIRCIA rulemaking through a town hall series before the rule is finalized. The revised schedule is available in the Federal Register. Interested stakeholders may register for the town hall meetings at www.cisa.gov/circia. Any changes or updates to the town halls will be available on www.cisa.gov/circia.
“CISA is working to maximize the impact of CIRCIA to significantly improve our Nation’s cybersecurity posture. At the same time, CISA values the interest and concern our stakeholders have that CIRCIA will be implemented with minimal unnecessary burden to entities in critical infrastructure sectors,” said CISA Acting Director Nick Andersen. “CISA appreciates our stakeholder’s patience with waiting for our rescheduled town hall meetings to provide their critical input as we finalize this rule. As an agency built on collaboration and coordination, CISA is committed to hearing from the American people, critical infrastructure owners and operators, and other community members.”
CIRCIA is a U.S. law that will help the government quickly respond to cyber threats and share information to protect critical infrastructure. Once the final rule is implemented, covered organizations will be required to report certain cyber incidents to CISA within 72 hours and ransom payments within 24 hours.
CISA has received numerous requests for additional engagement on the CIRCIA rulemaking process and greatly values its stakeholders’ interest in shaping a final rule that maximizes CIRCIA’s impact on our Nation’s cybersecurity posture while minimizing unnecessary burden. Given the broad stakeholder community that CIRCIA may potentially impact, CISA will conduct a series of town hall meetings to solicit input on the Notice of Proposed Rulemaking (NPRM). CISA selected this approach to gather additional engagement on the CIRCIA NPRM to provide access to CISA across the broad range of entities within the critical infrastructure sectors.
CISA issued the CIRCIA NPRM in April 2024. To inform the CIRCIA NPRM, CISA hosted in-person public listening sessions across the country, conducted virtual sector-specific sessions, and engaged with Sector Risk Management Agencies (SRMAs) and other federal partners—all aimed at gathering meaningful input from a broad range of stakeholders. The NPRM was open for a 90-day public comment period.
For more information, please visit www.cisa.gov/circia.
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to manage, uncover, and reduce risk to our digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram