Thursday, March 16, 2023

OMB Reports Two FAR Cybersecurity NPRMS Were Withdrawn

The OMB’s Office of Information and Regulatory Affairs (OIRA) announced yesterday that the Federal Acquisition Regulation (FAR) notice of proposed rulemaking for “FAR Case 2021-017, Cyber Threat and Incident Reporting and Information Sharing” had been withdrawn from consideration. The NPRM was submitted to OIRA back in December. There is no discussion as to why it was withdrawn.

Similarly, ORIA announced that the FAR NPRM for “FAR Case 2021-019, Standardizing Cybersecurity Requirements for Unclassified Information Systems” was withdrawn. That NPRM was submitted to OIRA at the same time.

It is possible that this is related to the recent publication of the updated cybersecurity strategy and that substantial changes are being made to the requirements of the two rules. Making changes before the NPRMs were published would effectively shorten the rulemaking process from what would have been required if the government wanted to make changes subsequent to publication.

No comments:

/* Use this with templates/template-twocol.html */