Recommended Cyber Incident Report Standards


The U.S. Department of Homeland Security (DHS) Office of Strategy, Policy, and Plans has released Harmonization of Cyber Incident Reporting to the Federal Government, a report that discusses requirements, recommendations, and potential legislative changes pertaining to cyber incident reports. The report aims to satisfy requirements made under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which was enacted to facilitate quick and comprehensive cyber threat and vulnerability assessments across agencies. While mandatory cybersecurity reporting can help secure critical infrastructure, it can also create issues within agencies as they allocate resources to such reporting efforts.

While assessing these concerns, the DHS Office of Strategy, Policy, and Plans has made the following recommendations:

Recommendation 1: The Federal Government should adopt a model definition of a reportable cyber incident wherever practicable.

Recommendation 2: The Federal Government should adopt model cyber incident reporting timelines and triggers wherever practicable.

Recommendation 3: Agencies with requirements for covered entities to provide notifications to affected individuals or the public should consider whether a delay is warranted when such notification poses a significant risk to critical infrastructure, national security, public safety, or an ongoing law enforcement investigation.

Recommendation 4: The Federal Government should adopt a model reporting form for cyber incident reports wherever practicable.

Recommendation 5: The Federal Government should assess how best to streamline the receipt and sharing of cyber incident reports and cyber incident information, including through improvements to existing reporting mechanisms or the potential creation of a single portal.

Recommendation 6: Federal cyber incident reporting requirements should allow for updates and supplemental reports.

Recommendation 7: The Federal Government should adopt common terminology regarding cyber incident reporting wherever practicable.

Recommendation 8: The Federal Government should improve processes for engaging with reporting entities following the initial report of a cyber incident.

For more information, check out the HSDL In Focus topics on Critical Infrastructure Protection, Cyber Policy, and Cyber Crime and National Security.


Note: You may need to log in to the HSDL to view some resources mentioned in the blog.
