AAU and 4 other higher education organizations joined comments led by EDUCAUSE on the regulations proposed by the Cybersecurity and Infrastructure Security Agency (CISA) to implement the reporting requirements of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The comments state “The higher education community finds itself greatly surprised by the proposed application of critical infrastructure cyber incident reporting to colleges and universities in general. Neither CISA nor the SRMA for the subsector that CISA is leveraging to extend the scope of CIRCIA to higher education institutions writ large have a substantive history of engaging our community in critical infrastructure processes.” AAU also joined comments led by ACE regarding the proposed CIRCIA Reporting Requirements stating similar concerns to the proposed rule.