Learn about the Strengthening American Cybersecurity Act (SACA) that was passed in March of 2022 in this Explainer article.
The Strengthening American Cybersecurity Act (SACA) was passed by the Senate on March 2, 2022. The bill updates information from three other existing pieces of legislation — the Federal Information Security Modernization Act, the Cyber Incident Reporting for Critical Infrastructure Act and the Federal Secure Cloud Improvement and Jobs Act.
Under the first section, the bill calls for the implementation of zero-trust security models, which require continual authentication from every user to maintain access to sensitive data. These detail the situations in which federal agencies must report the facts of a cyberattack to other public and private entities. According to an article by the Chief Operating Officer of NetSPI, Charles Horton, these provisions are designed to prevent ransomware attacks, in which hackers stop individuals from accessing their data and only agree to give it back after payment.
As was stated in an article by The National Law Review, the second section requires that when federal agencies experience a covered cyber incident, they must report it to the Cybersecurity and Infrastructure Security Agency (CISA) before the end of three days. Covered cyber incidents include attacks that damage the confidentiality, integrity, or access of a system, or disrupt business operations. If agencies receive a report of an attack or complete a ransomware payment, they must inform CISA within 24 hours.
To read the rest of this article, to see all sources consulted/reviewed for the purposes of writing this article, and/or to learn about this article's author (Vedant Vamshidhar), click here.