ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "CIRCIA Rulemaking: Double Incident Reporting for the DIB"
Episode Synopsis
Defense contractors have had cyber incident reporting obligations under DFARS clause 252.204-7012 for many years. Recently, however, CISA issued a 457-page proposed rule implementing the 2022 Cyber Incident Reporting for Critical Infrastructure Act. Unless CISA and DoD can reach an agreement, DIB contractors will have duplicative incident reporting obligations for two different agencies.
Episode Links:
CIRCIA Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements
Congressional Research Service Report (PDF): https://crsreports.congress.gov/product/pdf/R/R48025
How to submit effective comments: https://youtu.be/1T_62cYiUA4?si=sp91i_cXFGiyD7JW
Episode Links:
CIRCIA Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements
Congressional Research Service Report (PDF): https://crsreports.congress.gov/product/pdf/R/R48025
How to submit effective comments: https://youtu.be/1T_62cYiUA4?si=sp91i_cXFGiyD7JW
More episodes of the podcast Sum IT Up: CMMC News Roundup
New CMMC FAQs (January 2026)
08/01/2026
7 CMMC Predictions for 2026
01/01/2026
CMMC Requirements for DLA Suppliers
25/12/2025
FCA Whistleblower Strikes Again
18/12/2025
No CMMC for Hard Copy CUI?
11/12/2025
Primes Can't Waive CMMC
04/12/2025
DIBCAC Assessment Requirements
27/11/2025
November Cyber AB Town Hall Recap
20/11/2025
CMMC Phase 1: What Comes Next?
13/11/2025
CMMC Timeline Refresher
06/11/2025
In God we trust