Tuesday, August 16, 2022

DHS Sends Safeguarding CUI HSAR Final Rule to OMB

Yesterday, OMB’s Office of Information and Regulatory Affairs announced that it had received a final rule from DHS on “Homeland Security Acquisition Regulation: Safeguarding of Controlled Unclassified Information (HSAR Case 2015-001)”. The notice of proposed rulemaking (NPRM) for this action was published on January 19th, 2017.

According to the listing for this rulemaking in the Spring 2022 Unified Agenda:

“This Homeland Security Acquisition Regulation (HSAR) rule would implement security and privacy measures to ensure Controlled Unclassified Information (CUI), such as Personally Identifiable Information (PII), is adequately safeguarded by DHS contractors. Specifically, the rule would define key terms, outline security requirements and inspection provisions for contractor information technology (IT) systems that store, process or transmit CUI, institute incident notification and response procedures, and identify post-incident credit monitoring requirements.”

This rulemaking would be amendments to existing HSAR regulations in 48 CFR Parts 3001, 3002, 3004, and 3052. Interestingly, a recent yet separate FAR regulation NPRM updating CUI requirements for DOD, GSA, and NASA that had been sent to OMB was withdrawn.

No comments:

/* Use this with templates/template-twocol.html */