Regulators are moving closer to finalizing rules that will obligate organizations in critical sectors to report incidents within strict timelines.

CISA Launches CI Fortify: A Major Shift in U.S. Critical Infrastructure Cyber Defense

Organizations that handle electronic protected health information must now demonstrate verifiable security maturity rather than documented intent.