The Cybersecurity and Infrastructure Security Agency (CISA) will issue a final rule to implement stricter cyber reporting requirements by May 2026, according to a regulatory analysis published Friday.