Wednesday, August 30, 2023

OMB Approves FAR NPRM on Cyber Incident Reporting

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a Federal Acquisition Regulation (FAR) notice of proposed rulemaking (NPRM) for “FAR Case 2021-017, Cyber Threat and Incident Reporting and Information Sharing”. The NPRM was sent to OIRA for review on May 11th, 2023.

According to the Spring Unified Agenda entry for this rulemaking:

“DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to increase the sharing of information about cyber threats and incident information between the Government and certain providers, pursuant to Office of Management and Budget recommendations, in accordance with section 2 (b)-(c), and Department of Homeland Security (DHS) recommendations, in accordance with section 8(b), of Executive Order (E.O.) 14028, Improving the Nation’s Cybersecurity. In addition, the rule will propose requiring certain contractors to report cyber incidents to the Federal Government to facilitate effective cyber incident response and remediation, pursuant to DHS recommendations in accordance with sections 2(g)(i) of E.O. 14028.”

This NPRM will likely be published in the Federal Register sometime next week.

No comments:

 
/* Use this with templates/template-twocol.html */