Earlier this week, the OMB’s Office of Information and
Regulatory Affairs (OIRA) announced
that it had received a Federal Acquisition Regulation (FAR) notice of proposed
regulations (NPRM) for “FAR Case 2021-017, Cyber Threat and Incident Reporting
and Information Sharing”. An earlier version of this NPRM was recently
withdrawn from review at OMB.
According to the Fall 2022 Unified Agenda entry for this rulemaking:
“DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to increase the sharing of information about cyber threats and incident information between the Government and certain providers, pursuant to OMB recommendations, in accordance with section 2 (b)-(c), and Department of Homeland Security recommendations, in accordance with section 8(b), of Executive Order 14028, Improving the Nation’s Cybersecurity. In addition, requires certain contractors to report cyber incidents to the Federal Government to facilitate effective cyber incident response and remediation, pursuant to Department of Homeland Security recommendations in accordance with sections 2(g)(i) of Executive Order 14028.”
There is no public record of what may have changed between
the earlier version of this NPRM and the one currently being reviews by OIRA.
No comments:
Post a Comment