How many controls does CIRCIA have?

CIRCIA contains 38 controls organized across 6 domains.

Where does CIRCIA apply?

CIRCIA is applicable in United States. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does CIRCIA map to?

CIRCIA has control-to-control mappings with 550 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with CIRCIA compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act)

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Pub.L. 117-103, Division Y) requires covered critical infrastructure entities to report covered cyber incidents to CISA within 72 hours and ransom payments within 24 hours.

Domains

Interagency Coordination

Enforcement and Compliance

Information Sharing and Use

Incident Reporting Requirements

Covered Entities and Scope

Frequently Asked Questions

Map CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform