Monday, May 22, 2023

Software Compliance Tools and CFATS

Last week, I briefly mentioned an article over on FCW.com that discussed plans in DOD to make free software tools available to small contractors to better enable them to meet DOD’s contractor cyber maturity requirements. This is a concept that should spread throughout the government, but it is especially applicable to the Chemical Security Anti-Terrorism Standards (CFATS) program.

To be fair, the CFATS program is practically run on software applications in its Chemical Security Assessment Tool (CSAT). This collection of compliance tools was innovative in its day (and still should be looked at by other security and safety agencies), but it is time to further modernize the program and start moving some tools to the facility devices. One obvious possibility is cyber incident reporting.

Back in September of 2021, CISA clarified (removed from paywall) the cyber incident reporting requirements for CFATS covered facilities. While CISA does have an online cyber incident reporting form, it would make far more sense for regulated facilities to have an app available for such reporting. It would make reporting easier and could automatically include information about the regulated status of the facility (including facility identification).

Such an application could also provide CISA with a secure mechanism to share cyber threat information with regulated facilities.
