"Senate Passes Strengthening American Cybersecurity Act"

The United States Senate has passed the Strengthening American Cybersecurity Act, requiring critical infrastructure operators and federal agencies to report cyberattacks within 72 hours and ransomware payments within 24 hours.  The Act combines language from three bills, including the cyber-incident reporting bill, introduced to the Senate in September 2001.  The legislation would impact companies across 16 federally designated critical infrastructure sectors, including energy and financial services.  Under the new legislation, current federal cybersecurity laws would be updated to enhance coordination between federal agencies.  In addition, all federal civilian agencies would be required to report any significant cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA).  The Act would also give the Federal Risk and Authorization Management Program (FedRAMP) five-year authorization to ensure federal agencies are able to adopt cloud-based technologies.

Infosecurity reports: "Senate Passes Strengthening American Cybersecurity Act"