Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a notice of proposed rulemaking on “Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)”. The NPRM was sent to OIRA on May 15th, 2024. This rulemaking would amend an interim final rule that was published on September 29th, 2020.
According to the Spring 2024 Unified Agenda entry for this rulemaking:
“DoD is amending an interim rule to implement the CMMC framework 2.0 in order to protect against the theft of intellectual property and sensitive information from the Defense Industrial Base (DIB) sector. The CMMC framework, as defined in Title 32 of the Code of Federal Regulations (CFR), assesses compliance with applicable information security requirements. This rule provides the Department with assurances that a DIB contractor can adequately protect sensitive unclassified information at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.”
I am not likely to fully cover this rulemaking in this blog.
I will, however, include a link to its publication in the appropriate ‘Short
Takes’ post.
No comments:
Post a Comment