CISA Announces Virtual Town Halls on Cyber Incident Reporting Rulemaking for Critical Infrastructure

Press Release

CISA Announces New Town Halls to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure

Advancing National Cybersecurity Posture While Reducing Compliance Burden in the CIRCIA Rulemaking Process Released

February 13, 2026

Related topics: Cybersecurity Best Practices, Critical Infrastructure Security and Resilience WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) today announced a series of virtual town hall meetings to gather stakeholder input on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) rulemaking. The town hall meetings are scheduled to begin March 9, with the full schedule available in the Federal Register. Any changes or updates will be available on www.cisa.gov/circia.

“Implementing CIRCIA will significantly enhance our ability to assist victims of cyber incidents, identify emerging threats, and rapidly share actionable information to protect others,” said CISA Executive Assistant Director for Cybersecurity Nick Andersen. “ Stakeholder input is critical as we finalize this rule to strengthen our collective defense. CISA is committed to delivering a framework that appropriately balances its impact on improving our nation’s cybersecurity posture with avoiding unnecessary burden to entities in critical infrastructure sectors.”

CIRCIA is a U.S. law that will help the government quickly respond to cyber threats and share information to protect critical infrastructure. Once the final rule is implemented, covered organizations will be required to report certain cyber incidents to CISA within 72 hours and ransom payments within 24 hours.

CISA has received numerous requests for additional engagement on the CIRCIA rulemaking process and greatly values its stakeholders’ interest in shaping a final rule that maximizes CIRCIA’s impact on our nation’s cybersecurity posture while minimizing unnecessary burden. Given the broad stakeholder community that CIRCIA may potentially impact, CISA will conduct a series of town hall meetings to solicit input on the Notice of Proposed Rulemaking (NPRM). CISA selected this approach to gather additional engagement on the CIRCIA NPRM to provide access to CISA across the broad range of entities within the critical infrastructure sectors.

CISA issued the CIRCIA NPRM in April 2024. To inform the CIRCIA NPRM, CISA hosted in-person public listening sessions across the country, conducted virtual sector-specific sessions, and engaged with Sector Risk Management Agencies (SRMAs) and other federal partners—all aimed at gathering meaningful input from a broad range of stakeholders. The NPRM was open for a 90-day public comment period. As implementation moves forward, CISA believes additional stakeholder engagement will be critical to developing a rule that strikes an appropriate balance of costs and benefits.

Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)

About CISA

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X , Facebook , LinkedIn , Instagram .

Related Articles

Feb 11, 2026

Press Release

CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure

May 19, 2025

Press Release

CISA Welcomes Madhu Gottumukkala as the New Deputy Director

Dec 16, 2024

Press Release

2024 Year in Review Highlights CISA’s Achievements in Reducing Risk and Building Resilience in Cybersecurity and Critical Infrastructure Security

Jan 18, 2024

Press Release

CISA, FBI and EPA Release Incident Response Guide for Water and Wastewater Systems Sector