The OMB’s Office of Information and Regulatory Affairs (OIRA) announced yesterday that the Federal Acquisition Regulation (FAR) notice of proposed rulemaking for “FAR Case 2021-017, Cyber Threat and Incident Reporting and Information Sharing” had been withdrawn from consideration. The NPRM was submitted to OIRA back in December. There is no discussion as to why it was withdrawn.
Similarly, ORIA announced that the FAR NPRM for “FAR Case 2021-019, Standardizing Cybersecurity Requirements for Unclassified Information Systems” was withdrawn. That NPRM was submitted to OIRA at the same time.
It is possible that this is related to the recent
publication of the updated cybersecurity strategy and that substantial changes
are being made to the requirements of the two rules. Making changes before the
NPRMs were published would effectively shorten the rulemaking process from what
would have been required if the government wanted to make changes subsequent to
publication.
Posts
No comments:
Post a Comment