Technical rule update
CISA Revises Protected Critical Infrastructure Information Program Regulation
The Cybersecurity and Infrastructure Security Agency has introduced a technical rule to amend the regulation establishing the Protected Critical Infrastructure Information program, which is aimed at protecting voluntarily given information pertaining to the security of critical infrastructure maintained by the public and private sectors. The original regulation had gone unchanged since it was published in 2006 and required revisions to address errors and update details such as titles and addresses that were no longer accurate, CISA said Wednesday.
According to David Mussington, executive assistant director for infrastructure security, the clarifications provided by the new rule make it easier for partners to share information. He explained that the PCII program is a key element of the agency’s ability to gather risk information.
Other recent developments relating to CISA include feedback from industry groups concerning a planned online portal for reporting cyber incidents. Comments included requests for accessibility on mobile devices and out-of-band communications channels, options to call and send instant messages and a standardized report format.
Earlier in November, the agency issued a request for information regarding potential providers of cyber threat intelligence enterprise capabilities. CISA aims to acquire a data exchange platform that could centralize sharing and collaboration efforts.
Tags: critical infrastructure cybersecurity Cybersecurity and Infrastructure Security Agency David Mussington Protected Critical Infrastructure Information Program technical rule