Saturday, May 13, 2023

FAR Cyber Incident Reporting NPRM Sent to OMB – 5-11-23

Earlier this week, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a Federal Acquisition Regulation (FAR) notice of proposed regulations (NPRM) for “FAR Case 2021-017, Cyber Threat and Incident Reporting and Information Sharing”. An earlier version of this NPRM was recently withdrawn from review at OMB.

According to the Fall 2022 Unified Agenda entry for this rulemaking:

“DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to increase the sharing of information about cyber threats and incident information between the Government and certain providers, pursuant to OMB recommendations, in accordance with section 2 (b)-(c), and Department of Homeland Security recommendations, in accordance with section 8(b), of Executive Order 14028, Improving the Nation’s Cybersecurity. In addition, requires certain contractors to report cyber incidents to the Federal Government to facilitate effective cyber incident response and remediation, pursuant to Department of Homeland Security recommendations in accordance with sections 2(g)(i) of Executive Order 14028.”

There is no public record of what may have changed between the earlier version of this NPRM and the one currently being reviews by OIRA.

No comments:

/* Use this with templates/template-twocol.html */