In a Letter to Credit Unions, the NCUA is reminding federal credit unions that tighter notification requirements regarding cyber incidents will take effect Sept. 1. Under rule changes adopted in February, the agency will require notification as soon as possible, and no later than 72 hours, after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident. The letter summarizes the amendments and provides instructions on what and how to report to the NCUA, and includes examples of both reportable (see Appendix A) and non-reportable (see Appendix B) incidents. To facilitate incident reporting, the NCUA is also providing a cyber incident reporting quick reference guide.