Yesterday the OMB’s Office of Information and Regulatory
Affairs (OIRA) announced that it had received three notices of proposed
rulemaking (NPRM) from the DHS Office of the Secretary relating to
cybersecurity requirements in the DHS acquisition process. Those rulemakings
were:
• Privacy Training;
and
Only the first rulemaking has been published in the Unified Agenda,
so we can only make assumptions as to the content of the other two.
It is very possible that the second does not really address
cybersecurity issues at all.
The Unified Agenda listing for the Safeguarding of Sensitive
Information rule only specifically mentions personally identifiable
information, but the way that it is worded could certainly include controlled
but unclassified (CBU) information that will be regulated by rules being
established by the National Archives and Records Administration (final rule under
review at OIRA). It will be interesting to see if this DHS rule includes
the same NIST computer standards that are expected to be included in the NARA rule.
OIRA typically approves acquisition rulemakings faster than
wider regulatory issues, so we might see an approval here in the next month or
so.