# CISA Circular Formatter (CPG 7.1)

> Format incident data for CISA and SRMA reporting under CPG 7.1 and CIRCIA. Enforces 72-hour (covered incident) and 24-hour (ransomware) notification windows and validates Information Requirements so the first report is complete.



Tags: CISA, CPG, CIRCIA, Critical Infrastructure, Incident Reporting, Ransomware


## Example Prompts

- Enforce CISA 72-hour notification deadline from our detection timestamp
- Draft our first CISA/CIRCIA incident report with all Information Requirements
- Validate our incident report before submitting to CISA and our SRMA
- Pre-draft the report for a ransomware incident and check the 24-hour window

URL: https://rakenne.app/skills/cisa-circular-formatter/index.md




## Example Conversation

> **You:** We detected a ransomware incident at 2025-02-15T08:00Z. Help me draft the CISA report and check we're within the window.

> **Agent:** I'll run the notification enforcer and then draft the report. *(Runs `notification_window_enforcer` with detectionTimestamp `2025-02-15T08:00:00Z`, isRansomware `true`.)* You have a 24-hour window; deadline is 2025-02-16T08:00Z. I've created a draft with the required Information Requirements (entity contact, detection time, incident description, affected systems, incident type). *(Runs `validate_circia_report` on the draft.)* All required elements are present. You can submit to CISA and your SRMA before the deadline.

## Output Excerpt

After the agent runs the notification enforcer and drafts the report, the document typically includes a notification highlight and all CIRCIA Information Requirements. Excerpt:

```markdown
# CISA / CIRCIA Incident Report (CPG 7.1)

## Notification window

**Ransomware — 24-hour window.** Detection: 2025-02-15T08:00Z. CISA/SRMA notification deadline: 2025-02-16T08:00Z. Time remaining: 23h 45m.

## Reporting entity contact

[Entity name], [sector]. Contact: [name], [title], [email], [phone]. SRMA: [agency if applicable].

## Detection timestamp

2025-02-15T08:00Z (UTC).

## Incident description

[Ransomware/covered cyber incident summary: what was detected, how, and current status.]

## Affected systems

[Systems, assets, or networks affected; scope of impact.]

## Incident type

Ransomware (covered cyber incident under CIRCIA). [Additional categorization if required.]
```

Running **validate_circia_report** on this draft would pass all required elements (entity contact, detection timestamp, incident description, affected systems, incident type).

## What the Tools Validate

The skill includes two extension tools:

**`notification_window_enforcer`** computes CISA/CIRCIA notification deadlines from the detection timestamp:

- **Input:** `detectionTimestamp` (ISO 8601), optional `isRansomware` (set to `true` to apply the 24-hour window).
- **Logic:** The deadline is the detection time plus 72 hours for covered cyber incidents, or plus 24 hours for ransomware.
- **Output:** Deadline time, time remaining (or OVERDUE), and a short highlight to include in the report so the reporting window is explicit.

**`validate_circia_report`** checks an incident report draft for required Information Requirements:

- **Input:** Path to the draft (Markdown or text).
- **Checks:** Entity contact, detection timestamp, incident description, affected systems, incident type (per CIRCIA / CPG 7.1).
- **Output:** Pass/fail per element and a summary so the first submission to CISA and SRMA is complete.
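
The two checks described above can be sketched as follows. This is an added example, not the skill's own code: the function names, the rule that a naive timestamp is rejected, and the rule that an element passes only when its `## ` section has body text are assumptions, and the sample draft is constructed.

```python
# Added illustration, not the skill's implementation; function names are hypothetical.
import re
from datetime import datetime, timedelta, timezone

REQUIRED = ("Reporting entity contact", "Detection timestamp",
            "Incident description", "Affected systems", "Incident type")

def parse_utc(ts):
    """Parse ISO 8601, accepting a trailing 'Z'; refuse timestamps with no offset."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        raise ValueError("no UTC offset: the deadline would be ambiguous")
    return dt.astimezone(timezone.utc)

def notification_window(detection_ts, is_ransomware=False, now=None):
    """Return (deadline, status); status is 'Xh Ym' remaining or 'OVERDUE'."""
    deadline = parse_utc(detection_ts) + timedelta(hours=24 if is_ransomware else 72)
    remaining = deadline - (now or datetime.now(timezone.utc))
    if remaining <= timedelta(0):
        return deadline, "OVERDUE"
    minutes = int(remaining.total_seconds() // 60)
    return deadline, f"{minutes // 60}h {minutes % 60}m"

def validate_draft(markdown):
    """Pass an element only if its '## ' section exists and has body text."""
    sections, current = {}, None
    for line in markdown.splitlines():
        heading = re.match(r"##\s+(.*\S)", line)
        if heading:
            current = heading.group(1).lower()
            sections[current] = ""
        elif current is not None:
            sections[current] += line.strip()
    return {name: bool(sections.get(name.lower())) for name in REQUIRED}

# Constructed sample draft: "Affected systems" has a heading but no content.
SAMPLE_DRAFT = """# CISA / CIRCIA Incident Report (CPG 7.1)
## Reporting entity contact
Example Water Utility. Contact: duty officer, soc@example.org.
## Detection timestamp
2025-02-15T08:00Z (UTC).
## Incident description
Ransomware note found on a file server; host isolated.
## Affected systems
## Incident type
Ransomware.
"""
```

Calling `notification_window("2025-02-15T08:00Z", True, parse_utc("2025-02-15T08:15Z"))` reproduces the 23h 45m figure from the output excerpt, and `validate_draft(SAMPLE_DRAFT)` flags the empty "Affected systems" section.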

## Getting Started

Add your source materials to the project workspace, then activate the *CISA Circular Formatter (CPG 7.1)* skill. The agent will guide you through the process step by step.


