Compliance, Regulatory Requirements 21 Jan 2025 compliance, regulations, cybersecurity, homeland security, rail transportation

🚆DHS Ratifies Security Directives Impacting Critical Rail Operations

The Department of Homeland Security (DHS) is publishing official notice that the Transportation Security Oversight Board (TSOB) has ratified Transportation Security Administration (TSA) Security Directive 1580-21-01B, Security Directive 1582-21-01B, Security Directive 1580/82-2022-01A, and Security Directive 1580/82-2022-01C applicable to owners and operators of critical rail entities (owners/operators). Security Directive 1580-21-01B and Security Directive 1582-21-01B extended the requirements of the 1580-21-01 and 1582-21-01 series for an additional year, with minor revisions. Security Directive 1580/82-2022-01A and Security Directive 1580/82-2022-01C extend the performance-based requirements of the 1580/82-2022-01 series for an additional year and amend them to strengthen their effectiveness and address emerging cyber threats.

Compliance Requirements, Financial Implications 17 Jan 2025 compliance, regulations, administrative practice and procedure, reporting and recordkeeping requirements, cybersecurity, security measures, financial impact, harbors, vessels, coast guard, waterways, marine safety, navigation (water), personally identifiable information, hazardous materials transportation, maritime security, maritime transportation, seamen

⚓New Cybersecurity Regulations for U.S.-Flagged Vessels and Facilities

The Coast Guard is updating its maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These include requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system. The Coast Guard is also seeking comments on a potential delay for the implementation periods for U.S.-flagged vessels.

Compliance, Regulation 17 Jan 2025 regulatory compliance, federal regulations, cybersecurity, cisa, incident reporting

🛡️CISA's New Incident Reporting Requirements

The Cybersecurity Division (CSD) within the Cybersecurity and Infrastructure Security Agency (CISA) will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance. CISA previously published this ICR in the Federal Register on October 7, 2024, for a 60-day public comment period. Three (3) comments were received by CISA. One unrelated public comment was submitted. The purpose of this notice is to allow an additional 30 days for public comments.

Compliance, Regulatory 17 Jan 2025 regulatory compliance, cybersecurity, homeland security, pipeline industry, critical infrastructure

🔒Security Directives Ratified by DHS for Pipeline Operators

The Department of Homeland Security (DHS) is publishing official notice that the Transportation Security Oversight Board (TSOB) ratified Transportation Security Administration (TSA) Security Directive Pipeline-2021-01D and Security Directive Pipeline-2021-02E, applicable to owners and operators of critical hazardous liquid and natural gas pipeline infrastructure (owner/operators). Security Directive Pipeline-2021-01D, issued on May 29, 2024, extended the requirements of the Security Directive Pipeline-2021-01 series for an additional year, with minor revisions. Security Directive Pipeline-2021-02E, issued on July 26, 2024, extended the requirements of the Security Directive Pipeline-2021-02 series for an additional year, with amendments to strengthen their effectiveness and provide additional clarity.

Compliance, Professional Events, Economic Development 17 Jan 2025 cybersecurity, national security, telecommunications, cisa, nstac

🔒NSTAC Meeting Notice

CISA is publishing this notice to announce the President's National Security Telecommunications Advisory Committee (NSTAC) meeting on February 26, 2025. The public can access the meeting via teleconference.

Compliance, Regulatory Requirements, Cybersecurity 17 Jan 2025 federal regulations, cybersecurity, risk management, executive order, software development
Compliance Requirements, Financial Impact 15 Jan 2025 compliance, federal acquisition regulation, small business, government contracts, government procurement, cybersecurity, controlled unclassified information

🔒Federal Acquisition Regulation Amendments

DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to implement the National Archives and Records Administration's Controlled Unclassified Information Program enacted under an Executive Order entitled Controlled Unclassified Information.

Compliance, Regulatory Requirements 10 Jan 2025 compliance, cybersecurity, cisa, infrastructure security, bombing prevention

🔒CISA Notice on Technical Analytics and Business Compliance Requirements

The Office for Bombing Prevention (OBP) within the Cybersecurity and Infrastructure Security Agency (CISA) will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review.

Compliance, Regulatory, Cybersecurity 8 Jan 2025 compliance, cybersecurity, homeland security, executive order, cisa, data protection

🔒New Cybersecurity Requirements for Restricted Transactions Announced

CISA is announcing publication of finalized security requirements for restricted transactions pursuant to Executive Order (E.O.) 14117, "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern." In October 2024, CISA published proposed security requirements for restricted transactions which would apply to classes of restricted transactions identified in regulations issued by the Department of Justice (DOJ). CISA solicited comment on those proposed security requirements and considered that public feedback when developing the final security requirements. This notice also provides CISA's responses to the public comments received.

Compliance Requirements, Regulatory Changes 6 Jan 2025 compliance, healthcare, regulations, administrative practice and procedure, reporting and recordkeeping requirements, cybersecurity, medicare, penalties, health professions, health care, drug abuse, health facilities, investigations, health, medicaid, public health, privacy, health records, employee benefit plans, health insurance, medical research, hipaa, hospitals, computer technology

🔐Proposed HIPAA Security Rule Enhancements for Cybersecurity Compliance

The Department of Health and Human Services (HHS or "Department") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information ("Security Rule") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, "regulated entities"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.
