Short Takes – 4-8-26 - Federal Register Edition

 Notice: System End-of-Life Status. Federal Register EAC notice of availability. Summary: “Under the Election Assistance Commission (EAC) End-of-Life (EOL) Certification Review and Rescission Policy (Policy), the EAC ensures that the EAC's list of certified voting systems reflects only those that are still supported and used. The EAC has found that the voting systems in the “Proposed EOL Systems” [link added] section of this notice are no longer supported and used.” 

Update to EPAAR Text of Provisions and Clauses, Signing of Uniform Hazardous Wastes Manifests. Federal Register EPA notice of proposed rulemaking. Summary: “The Environmental Protection Agency (EPA) is proposing a new EPAAR, Provision and Clause in Solicitation Provisions and Contract Clauses, and Environmental, Conservation, Occupational Safety, and Drug-Free Workplace. The EPA currently has a local clause, which involves the signing of Uniform Hazardous Waste Manifests for Superfund sites. The new clause will enable contractors to sign the Waste Manifest at EPA worksites for the removal of hazardous and non-hazardous materials at both Superfund and non-Superfund sites. The addition of the new clause will allow work to continue when EPA personnel are not present at the worksite.” 

The Sunset Rule-Aircraft Impact Assessment. Federal Register NRC final rule. Summary: “The U.S. Nuclear Regulatory Commission (NRC) is amending its regulations to insert a conditional sunset date for the requirements for aircraft impact assessment. This action is in response to Executive Order 14270, “Zero-Based Regulatory Budgeting to Unleash American Energy.” The NRC has considered public input received on a previous rulemaking to sunset NRC regulations and provides in this document the NRC's response to those public comments that the NRC has deemed significant and adverse.” 

Space Launch Frequency Coordination Portal Web Application Launch. Federal Register NTIA notice. Summary: “Executive Order 14369, Ensuring American Space Superiority, calls for the demonstration of spectrum leadership across space applications to promote United States spectrum management efficiency. In the spirit of this Order, and as one of NTIA's Spectrum IT Modernization deliverables called for in Section 9203 of the National Defense Authorization Act of 2021, NTIA announces the launch of the NTIA Space Launch Frequency Coordination Portal. This portal will allow commercial space launch providers to request spectrum for space launch operations, as well as view the status of their requests and communicate with federal agencies involved in the review process. Agencies will be able to review submitted requests, provide feedback, and approve requests.” 

PHMSA Sends Breakout Tank Inspection NPRM to OMB

 Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notic of proposed rulemaking from the DOT’s Pipeline and Hazardousm Materials Safety Administration (PHMSA) on “Pipeline Safety: Breakout Tank Inspection Rule”. It appears that this rulemaking is a breakout NPRM from a question posed in PHMSA’s May 21, 2025, advanced notice of proposed rulemaking (ANPRM) on “Pipeline Safety: Repair Criteria for Hazardous Liquid and Gas Transmission Pipelines”. 

This rulemaking was not published in the Spring 2025 Unified Agenda. 

Review – 1 Advisory and 2 Updates Published – 4-7-26

 Today CISA’s NCCIC-ICS published a control systems security advisory for products from Mitsubishi Electric. They also updated two advisories for products from Mitsubishi. 

Advisories  

Mitsubishi Advisory - This advisory describes two vulnerabilities in multiple Mitsubishi GENESIS64 and ICONICS Suite products. 

Updates  

Mitsubishi Update #1 - This update provides additional information on the product advisory that was originally published on July 2nd, 2024, and most recently updated on March 3rd, 2026.

Mitsubishi Update #2 - This update provides additional information on the product advisory that was originally published on December 3rd, 2024, and most recently updated on March 10th, 2026. 

For more information on these advisories, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/1-advisory-and-2-updates-published-ccf - subscription required. 

Review – Bills Introduced – 4-6-26

 Yesterday, with both the House and Senate meeting in pro forma session, there were 17 bills introduced. One of those bills will receive additional coverage in this blog: 

HR 8206 Homeland Security and Further Additional Continuing Appropriations Act, 2026 Roy, Chip [Rep.-R-TX-21] 

Space Geek Legislation  

I would like to mention one bill under my limited Space Geek coverage in this blog: 

HR 8198 To amend title 51, United States Code, to advance American space operations, and for other purposes. Fong, Vince [Rep.-R-CA-20] 

For more information on these bills, including legislative history for similar bills in the 118th Congress, as well as a mention in passing about a bill terminating DOD’s AARO, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/bills-introduced-4-6-26 - subscription required. 

Looking Back – 6-16-15

Nearly every morning I start my computer time by looking at information from Google about what happened in my blog in the previous 24 hours. Google, and blogspot.com is a Google service, provides interesting pieces of analytical data about my blog readership. One item of particular interest is the top ten blog posts each day. As you would expect, most of those posts were from the last couple of days, but with 16 years of publishing this blog, every once-in-a-while, a blog post from ancient history rises into that list. 

Today a blog post from June 16th, 2025, ICS-CERT Publishes GarrettCom Advisory, showed up in in the top 10 list. It discussed an advisory that described three vulnerabilities in the GarrettCom Magnum 6k and Magnum 10k product lines. 

Two days in a row with ‘Looking Back’ entries is almost certainly due to my light writing schedule last week. That was due to computer problems, a new laptop, and learning a new operating system. Still working on the latter. 

CISA Adds FortiGuard Vulnerability to KEV Catalog – 4-6-26

 Today, CISA announced that it had added an improper access control vulnerability in the FortiGuard FortiClient EMS to their Known Exploited Vulnerabilities Catalog. The vulnerability was disclosed by FortiGuard on April 4th, 2026. FortiGuard reported in their advisory that the vulnerability was being exploited in the wild. The vulnerability was initially reported to FortiGuard by Simo Kohonen from Defused and Nguyen Duc Anh o Kohonen from Defused and Nguyen Duc Anh. 

CISA has ordered Federal Agencies using the affected product to: “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” A deadline of April 9th, 2026, has been established.