OtherUnited States
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act)
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Pub.L. 117-103, Division Y) requires covered critical infrastructure entities to report covered cyber incidents to CISA within 72 hours and ransom payments within 24 hours.
Domains
Interagency Coordination
Enforcement and Compliance
Information Sharing and Use
Incident Reporting Requirements
Covered Entities and Scope
Compare CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act)
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) vs ISO 27001:2022View comparison →CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) vs SOC 2View comparison →CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) vs NIST CSF 2.0View comparison →CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) vs GDPRView comparison →CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) vs HIPAAView comparison →CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) vs PCI DSS 4.0View comparison →
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) by Industry
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Healthcare→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Financial Services→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Technology→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Government→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Manufacturing→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Energy→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Retail→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Education→
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) by Role
CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for CISOs→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Compliance Officers→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Risk Managers→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for IT Directors→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for DPOs→CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act) for Auditors→
Frequently Asked Questions
What is CIRCIA?
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (Pub.L. 117-103, Division Y) requires covered critical infrastructure entities to report covered cyber incidents to CISA within 72 hours and ransom payments within 24 hours.
How many controls does CIRCIA have?
CIRCIA contains 38 controls organized across 6 domains.
Where does CIRCIA apply?
CIRCIA is applicable in United States. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does CIRCIA map to?
CIRCIA has control-to-control mappings with 550 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with CIRCIA compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.
How ready are you for CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act)?
Answer 25 questions and get a professional readiness report with gap analysis, maturity scores, and prioritised action items. Results in 5 minutes.