Synopsis As Introduced Creates the Consumer Credit Reporting Agency Registration and Cybersecurity Program Act. Provides for requirements for consumer credit reporting agency registration. Contains provisions regarding grounds for revocation and suspension of a registration. Provides that by January 1, 2019, a consumer credit reporting agency must have a cybersecurity program documented in writing and designed to protect the confidentiality, integrity and availability of its information systems. Provides that a consumer credit reporting agency shall implement and maintain a written cybersecurity policy setting forth its policies and procedures for the protection of its information systems and nonpublic information stored on those information systems. Provides that a consumer credit reporting agency shall designated a qualified individual as a chief information security officer to oversee and implement its cybersecurity policy. Contains provisions concerning penetration testing and vulnerability assessments, audit trail, access privileges, and application security. Provides that a consumer credit reporting agency shall conduct periodic risk assessments of its information systems. Provides requirements for cybersecurity personnel and third-party service provider security policy. Provides that a consumer credit reporting agency shall establish a written incident response plan designed to promptly respond to a cybersecurity event. Provides that the consumer credit reporting agency shall notify the Department of Financial and Professional Regulation of the existence of a cybersecurity event no later than 72 hours after the event occurred. Makes other changes. Effective immediately.