🔒Federal Acquisition Regulation Amendments
DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to implement the National Archives and Records Administration's Controlled Unclassified Information Program enacted under an Executive Order entitled Controlled Unclassified Information.
Learn More🔒CISA Notice on Technical Analytics and Business Compliance Requirements
The Office For Bombing Prevention (OBP) within Cybersecurity and Infrastructure Security Agency (CISA) will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review.
Learn More🔒New Cybersecurity Requirements for Restricted Transactions Announced
CISA is announcing publication of finalized security requirements for restricted transactions pursuant to Executive Order (E.O.) 14117, "Preventing Access to Americans' Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern." In October 2024, CISA published proposed security requirements for restricted transactions which would apply to classes of restricted transactions identified in regulations issued by the Department of Justice (DOJ). CISA solicited comment on those proposed security requirements and considered that public feedback when developing the final security requirements. This notice also provides CISA's responses to the public comments received.
Learn More🔐Proposed HIPAA Security Rule Enhancements for Cybersecurity Compliance
The Department of Health and Human Services (HHS or "Department") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information ("Security Rule") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, "regulated entities"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.
Learn More🔒New Cybersecurity Workforce Regulations Proposed by DoD, GSA, NASA
DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to incorporate a framework for describing cybersecurity workforce knowledge and skill requirements used in contracts for information technology support services and cybersecurity support services in line with an Executive Order to enhance the cybersecurity workforce.
Learn More🛡️Comment Period Extended for National Cyber Incident Response Plan Update
On December 16, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a request for comment in the Federal Register on a draft National Cyber Incident Response Plan (NCIRP) Update, which requests feedback on the draft update. CISA is extending the public comment period for the draft update for an additional thirty days through February 14, 2025.
Learn More