Negotiators scrapped provision in annual defense spending bill that would have required cybersecurity incidents and ransom payments made to criminal gangs. The measure was removed from the package at the eleventh hour as lawmakers sought a compromise on requirements for private organizations. Some cybersecurity experts express the need to get these requirements codified into law. The NDAA has been used, of late, as an effective vehicle to push previously stagnant cybersecurity legislation across the finish line. Still, supporters of the provision say that since a deal was struck it is likely that they can advance the reporting requirements.”]
Source: https://www.cuinfosecurity.com/cyber-incident-reporting-mandate-excluded-from-final-ndaa-a-18085