The newCyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than24 monthsfrom the enactment of CIRCIA, which the President signed into lawin March. The sessions and