🛡️CISA's New Incident Reporting Requirements
The Cybersecurity Division (CSD) within the Cybersecurity and Infrastructure Security Agency (CISA) will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance. CISA previously published this ICR in the Federal Register on October 7, 2024, for a 60-day public comment period. Three (3) comments were received by CISA. One unrelated public comment was submitted. The purpose of this notice is to allow an additional 30 days for public comments.
🔒Security Directives Ratified by DHS for Pipeline Operators
The Department of Homeland Security (DHS) is publishing official notice that the Transportation Security Oversight Board (TSOB) ratified Transportation Security Administration (TSA) Security Directive Pipeline-2021-01D and Security Directive Pipeline-2021-02E, applicable to owners and operators of critical hazardous liquid and natural gas pipeline infrastructure (owner/operators). Security Directive Pipeline-2021-01D, issued on May 29, 2024, extended the requirements of the Security Directive Pipeline-2021-01 series for an additional year, with minor revisions. Security Directive Pipeline-2021-02E, issued on July 26, 2024, extended the requirements of the Security Directive Pipeline-2021-02 series for an additional year, with amendments to strengthen their effectiveness and provide additional clarity.
⚓New Cybersecurity Regulations for U.S.-Flagged Vessels and Facilities
The Coast Guard is updating its maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These include requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system. The Coast Guard is also seeking comments on a potential delay for the implementation periods for U.S.-flagged vessels.
🔒Federal Acquisition Regulation Amendments
DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to implement the National Archives and Records Administration's Controlled Unclassified Information Program enacted under an Executive Order entitled Controlled Unclassified Information.
🔒CISA Notice on Technical Analytics and Business Compliance Requirements
The Office for Bombing Prevention (OBP) within the Cybersecurity and Infrastructure Security Agency (CISA) will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review.
🔒New Cybersecurity Requirements for Restricted Transactions Announced
CISA is announcing publication of finalized security requirements for restricted transactions pursuant to Executive Order (E.O.) 14117, "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern." In October 2024, CISA published proposed security requirements for restricted transactions which would apply to classes of restricted transactions identified in regulations issued by the Department of Justice (DOJ). CISA solicited comment on those proposed security requirements and considered that public feedback when developing the final security requirements. This notice also provides CISA's responses to the public comments received.
🔐Proposed HIPAA Security Rule Enhancements for Cybersecurity Compliance
The Department of Health and Human Services (HHS or "Department") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information ("Security Rule") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, "regulated entities"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.
🔒New Cybersecurity Workforce Regulations Proposed by DoD, GSA, NASA
DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to incorporate a framework for describing cybersecurity workforce knowledge and skill requirements used in contracts for information technology support services and cybersecurity support services in line with an Executive Order to enhance the cybersecurity workforce.
🛡️Comment Period Extended for National Cyber Incident Response Plan Update
On December 16, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a request for comment in the Federal Register on a draft National Cyber Incident Response Plan (NCIRP) Update, which requests feedback on the draft update. CISA is extending the public comment period for the draft update for an additional thirty days through February 14, 2025.