Security Policy Alert: TSA Issued FAQs on Cyber Incident Reporting Requirements
February 24, 2022
TSA issued frequently asked questions (FAQs) about cybersecurity incident reporting on HSIN for airport and aircraft operators. The document addresses questions related to TSA-NA-21-05 for airport operators that were received from the industry. These cyber incident reporting requirements went into effect on January 10, 2022. Among other things, the FAQs provide more detail about the flow of information between TSA and CISA, timelines for the industry to report cyber incidents, thresholds for reporting such incidents, what to expect after an incident has been reported, how to provide updates about the incident, if the information will be shared beyond DHS, and how the shared information will be protected.
TSA issued frequently asked questions (FAQs) about cybersecurity incident reporting on HSIN for airport and aircraft operators. The document addresses questions related to TSA-NA-21-05 for airport operators that were received from the industry. These cyber incident reporting requirements went into effect on January 10, 2022. Among other things, the FAQs provide more detail about the flow of information between TSA and CISA, timelines for the industry to report cyber incidents, thresholds for reporting such incidents, what to expect after an incident has been reported, how to provide updates about the incident, if the information will be shared beyond DHS, and how the shared information will be protected.
