{"abstract":"The National Credit Union Administration (NCUA or agency) is amending Part 748 of its regulations to require a federally insured credit union (FICU) that experiences a reportable cyber incident to report the incident to the NCUA as soon as possible and no later than 72 hours after the FICU reasonably believes that it has experienced a reportable cyber incident. This notification requirement provides an early alert to the NCUA and does not require a FICU to provide a detailed incident assessment to the NCUA within the 72-hour time frame.","action":"Final rule.","agencies":[{"raw_name":"NATIONAL CREDIT UNION ADMINISTRATION","name":"National Credit Union Administration","id":335,"url":"https://www.federalregister.gov/agencies/national-credit-union-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/335","parent_id":null,"slug":"national-credit-union-administration"}],"body_html_url":"https://www.federalregister.gov/documents/full_text/html/2023/03/01/2023-03682.html","cfr_references":[{"chapter":null,"citation_url":null,"part":"748","title":12}],"citation":"88 FR 12811","comment_url":null,"comments_close_on":null,"correction_of":null,"corrections":[],"dates":"The effective date of this final rule is September 1, 2023.","disposition_notes":null,"docket_ids":[],"dockets":[{"supporting_documents":[],"agency_name":"NCUA","documents":[{"comment_count":0,"comment_start_date":"2023-03-01","updated_at":"2023-03-01T08:56:39.134-05:00","comment_url":"https://www.regulations.gov/commenton/NCUA-2022-0099-0021","allow_late_comments":null,"id":"NCUA-2022-0099-0021","comment_end_date":null,"regulations_dot_gov_open_for_comment":false}],"supporting_documents_count":0,"id":"NCUA-2022-0099","title":"Cyber Incident Notification Requirements for Federally Insured Credit Unions"}],"document_number":"2023-03682","effective_on":"2023-09-01","end_page":12817,"executive_order_notes":null,"executive_order_number":null,"full_text_xml_url":"https://www.federalregister.gov/documents/full_text/xml/2023/03/01/2023-03682.xml","html_url":"https://www.federalregister.gov/documents/2023/03/01/2023-03682/cyber-incident-notification-requirements-for-federally-insured-credit-unions","images":{},"images_metadata":{},"json_url":"https://www.federalregister.gov/api/v1/documents/2023-03682?publication_date=2023-03-01","mods_url":"https://www.govinfo.gov/metadata/granule/FR-2023-03-01/2023-03682/mods.xml","not_received_for_publication":null,"page_length":7,"page_views":{"count":3846,"last_updated":"2026-06-02 12:15:04 -0400"},"pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-03-01/pdf/2023-03682.pdf","presidential_document_number":null,"proclamation_number":null,"public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-03682.pdf?1677591918","publication_date":"2023-03-01","raw_text_url":"https://www.federalregister.gov/documents/full_text/text/2023/03/01/2023-03682.txt","regulation_id_number_info":{"3133-AF47":{"issue":"202210","html_url":"https://www.federalregister.gov/regulations/3133-AF47/cyber-incident-notification-requirements-for-federally-insured-credit-unions","title":"Cyber Incident Notification Requirements for Federally Insured Credit Unions","xml_url":"http://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202210&RIN=3133-AF47&operation=OPERATION_EXPORT_XML","priority_category":"Substantive, Nonsignificant"}},"regulation_id_numbers":["3133-AF47"],"regulations_dot_gov_info":{"supporting_documents":[],"regulatory_plan":{"html_url":"https://www.federalregister.gov/regulations/3133-AF47/cyber-incident-notification-requirements-for-federally-insured-credit-unions","title":"Cyber Incident Notification Requirements for Federally Insured Credit Unions"},"comments_count":0,"agency_id":"NCUA","comments_url":"https://www.regulations.gov/docketBrowser?rpp=50&so=DESC&sb=postedDate&po=0&dct=PS&D=NCUA-2022-0099","supporting_documents_count":0,"docket_id":"NCUA-2022-0099","document_id":"NCUA-2022-0099-0021","regulation_id_number":"3133-AF47","title":"Cyber Incident Notification Requirements for Federally Insured Credit Unions","checked_regulationsdotgov_at":"2023-03-02T13:00:13Z"},"regulations_dot_gov_url":null,"significant":false,"signing_date":null,"start_page":12811,"subtype":null,"title":"Cyber Incident Notification Requirements for Federally Insured Credit Unions","toc_doc":"Cyber Incident Notification Requirements for Federally Insured Credit Unions","toc_subject":null,"topics":["Computer technology","Confidential business information","Credit unions","Internet","Personally identifiable information","Privacy","Reporting and recordkeeping requirements","Security measures"],"type":"Rule","volume":88}