Comments on CISA's cyber incident reporting proposal focused on its overlap with the CIP standards' reporting requirements, with some also calling the proposal too broad.

CISA says its proposed cyber incident reporting requirements took into account feedback from NERC and other stakeholders.

Any new cyber incident reporting requirements for critical infrastructure must be drafted to avoid overlap with existing regulations, the ERO told CISA.

As it moves toward implementing the cybersecurity requirements added to its budget, CISA said it will seek public comment on the best approach for execution.