The United States House of Representatives passed the Strengthening American Cybersecurity Act (SACA) yesterday, as part of a larger $1.5 trillion spending package. The bill has already passed the Senate and is supported by President Biden and is widely expected to be signed into law. The SACA mandates reporting to the Cybersecurity and Infrastructure Agency (CISA) in the event of a breach. Organizations will have 72 hours to report a breach and 24 hours to report if a ransomware payment is made. CISA has publicly stated its intent to share such information with other US government agencies, such as the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), although the SACA has received criticism from the FBI and DOJ because it does not require direct reporting to these law enforcement agencies and may reduce response time. The spending package also increased CISA’s funding by $300 million and provided $185.8 million to the Energy Department’s Office of Cybersecurity, Energy Security, and Emergency Response.