{"description":"Documents matching 'Authentication Management rulemaking'","count":2083,"total_pages":50,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=Authentication+Management+rulemaking&format=json&page=2","results":[{"title":"Call Authentication Trust Anchor","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission) adopts rules that strengthen the Commission's caller ID authentication requirements by establishing clear practices for providers that rely on third parties to fulfill their STIR/SHAKEN implementation obligations. The rules authorize providers with a STIR/ SHAKEN implementation obligation to engage third parties to perform the technological act of digitally \"signing\" calls consistent with the requirements of the STIR/SHAKEN technical standards so long as: the provider with the implementation obligation makes the \"attestation- level\" decisions for authenticating caller ID information; and all calls are signed using the certificate of the provider with the implementation obligation--not the certificate of a third party. The rules also explicitly require all providers with a STIR/SHAKEN implementation obligation to obtain a Service Provider Code (SPC) token from the STIR/SHAKEN Policy Administrator and present that token to a STIR/SHAKEN Certificate Authority to obtain a digital certificate. Additionally, the rules include recordkeeping requirements for third- party authentication arrangements to enable the Commission to monitor compliance with and enforce Commission rules.","document_number":"2025-15809","html_url":"https://www.federalregister.gov/documents/2025/08/19/2025-15809/call-authentication-trust-anchor","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-08-19/pdf/2025-15809.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-15809.pdf?1755521150","publication_date":"2025-08-19","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"model. This, in turn, will protect consumers by promoting more ubiquitous and accurate caller ID <span class=\"match\">authentication</span>.\n \n A. Authorizing Third-Party <span class=\"match\">Authentication</span> Subject to Limitations To Prevent Abuse \n 1. Defining the Scope of Third-Party <span class=\"match\">Authentication</span> \n \n We first define “third-party <span class=\"match\">authentication</span>” for the purposes of the rules we adopt today, and also delineate the types of providers that are covered by the rules. In the \n Sixth Caller ID <span class=\"match\">Authentication</span> Further Notice \n (88 FR 29035, May 5, 2023), we sought comment on the types of third-party arrangements"},{"title":"Call Authentication Trust Anchor","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) proposes to require that providers that continue to rely on non-IP networks implement non-IP caller ID authentication frameworks, including proposing to develop criteria for evaluating whether non-IP caller ID authentication frameworks are developed and reasonably available, as required by the TRACED Act, and proposing to conclude that certain existing frameworks satisfy those requirements.","document_number":"2025-10998","html_url":"https://www.federalregister.gov/documents/2025/06/16/2025-10998/call-authentication-trust-anchor","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-06-16/pdf/2025-10998.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-10998.pdf?1749818725","publication_date":"2025-06-16","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"ID <span class=\"match\">Authentication</span> Report and Order and Further Notice of Proposed <span class=\"match\">Rulemaking</span> \n (85 FR 22029, Apr. 21, 2020). There, the Commission made clear that it was implementing the “reasonable measures” requirement in section 227b(b)(1)(B) and it referred to the STIR/SHAKEN framework as a “SIP-based solution.” The TRACED Act requires the Commission to “grant a delay of required compliance” with the implementation deadline for non-IP caller ID <span class=\"match\">authentication</span> for voice service providers materially reliant on non-IP networks “until a call <span class=\"match\">authentication</span> protocol"},{"title":"Enhancing Know-Your-Upstream-Provider Requirements and Strengthening STIR/SHAKEN (Call Authentication Trust Anchor; Advanced Methods To Target and Eliminate Unlawful Robocalls)","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) proposes steps to strengthen its robocall mitigation framework by enhancing Know-Your-Upstream-Provider (KYUP) requirements, improving oversight of voice service providers by the STIR/SHAKEN Governance Authority, raising caller ID attestation standards, and closing implementation gaps in STIR/SHAKEN implementation. Specifically, the Commission proposes establishing baseline KYUP information-collection, compliance review, verification, monitoring, and responsive-action requirements to ensure providers can identify and cut off bad-actor upstream providers. The Commission also proposes measures to expand the Governance Authority's vetting, enforcement, and reporting responsibilities to prevent misuse of STIR/SHAKEN certificates and to remove noncompliant providers from the authentication ecosystem. The Commission further proposes clarifying and strengthening STIR/SHAKEN attestation rules, including codifying attestation levels, defining improper attestations, and specifying permissible mechanisms for verifying number-to-customer associations. Additionally, the Commission proposes and seeks comment on additional steps to close caller ID authentication gaps, such as refining provider definitions, reconsidering exemptions, requiring providers serving end users to assign STIR/SHAKEN attestations, and ensuring calls maintain authentication information. The Commission also seeks comment on special circumstances, including addressing issues with foreign- originated calls.","document_number":"2026-13874","html_url":"https://www.federalregister.gov/documents/2026/07/09/2026-13874/enhancing-know-your-upstream-provider-requirements-and-strengthening-stirshaken-call-authentication","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-07-09/pdf/2026-13874.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-13874.pdf?1783514714","publication_date":"2026-07-09","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"providers could automatically decline to <span class=\"match\">authenticate</span> caller ID information. In the \n Sixth Caller ID <span class=\"match\">Authentication</span> Order, \n the Commission established the requirement that the first intermediate provider in the path of an unauthenticated SIP call <span class=\"match\">authenticate</span> the call. We propose to modify that rule to place the <span class=\"match\">authentication</span> requirement on all intermediate providers and by narrowing it to non-SIP calls that they will not be blocking based on the proposed rule above. While the existing rule only requires <span class=\"match\">authentication</span> by the first intermediate provider"},{"title":"Improving the Effectiveness of the Robocall Mitigation Database; CORES Registration System","type":"Rule","abstract":"In this document, the Federal Communications Commission (FCC or Commission) adopts rules requiring Robocall Mitigation Database (RMD or Database) filers to take additional steps to ensure the accuracy, completeness, and currentness of submitted information. The rules also establish a base forfeiture of $10,000 for each violation for filers that submit false or inaccurate information to the Database, as well as a base forfeiture of $1,000 for failure to update information that has changed in the Database within 10 days. Further, the Wireline Competition Bureau is directed to establish a dedicated reporting mechanism for deficient filings in the Database, as well as to issue additional guidance and \"best practices\" for filers. Additionally, the Wireline Competition Bureau and Office of the Managing Director are directed to develop a two-factor (or more) authentication solution for accessing the Database.","document_number":"2026-00010","html_url":"https://www.federalregister.gov/documents/2026/01/06/2026-00010/improving-the-effectiveness-of-the-robocall-mitigation-database-cores-registration-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-01-06/pdf/2026-00010.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-00010.pdf?1767620708","publication_date":"2026-01-06","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"(or more) <span class=\"match\">authentication</span> solution for accessing the Database. Multi-factor <span class=\"match\">authentication</span> requires the use of multiple <span class=\"match\">authentication</span> protocols, as opposed to simply a username and password, in order to grant access to an account. For example, a two-factor <span class=\"match\">authentication</span> solution may require both use of a password and a one-time verification code. We sought comment in the \n NPRM \n on the benefits of additional security afforded by multi-factor <span class=\"match\">authentication</span>. Both ZipDX and the State AGs support the use of multi-factor <span class=\"match\">authentication</span>. In addition"},{"title":"Order No. 918; Critical Infrastructure Protection Reliability Standard CIP-003-11-Cyber Security-Security Management Controls","type":"Rule","abstract":"The Federal Energy Regulatory Commission (Commission) approves the proposed Critical Infrastructure Protection (CIP) Reliability Standard CIP-003-11 (Cyber Security--Security Management Controls). The North American Electric Reliability Corporation (NERC), the Commission- certified Electric Reliability Organization (ERO), submitted the proposed Reliability Standard to mitigate risks posed by a coordinated cyberattack on low-impact facilities, the aggregate impact of which could be much greater.","document_number":"2026-05711","html_url":"https://www.federalregister.gov/documents/2026/03/24/2026-05711/order-no-918-critical-infrastructure-protection-reliability-standard-cip-003-11-cyber","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-03-24/pdf/2026-05711.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-05711.pdf?1774269913","publication_date":"2026-03-24","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"CIP Reliability Standard CIP-003-11 specifies security <span class=\"match\">management</span> controls that establish responsibility and accountability to protect low impact BES Cyber Systems against compromise that could lead to misoperation or instability in the bulk electric system.\n 3 \n \n The proposed modifications to the Reliability Standard mitigate the risks posed by a coordinated attack utilizing distributed low impact BES Cyber Systems by adding controls to <span class=\"match\">authenticate</span> remote users, protecting <span class=\"match\">authentication</span> information in transit, and detecting malicious communications"},{"title":"Information Collection Being Submitted for Review and Approval to Office of Management and Budget","type":"Notice","abstract":"As part of its continuing effort to reduce paperwork burdens, as required by the Paperwork Reduction Act (PRA) of 1995, the Federal Communications Commission (FCC or the Commission) invites the general public and other Federal Agencies to take this opportunity to comment on the following information collection. Pursuant to the Small Business Paperwork Relief Act of 2002, the FCC seeks specific comment on how it might further reduce the information collection burden for small business concerns with fewer than 25 employees. The Commission may not conduct or sponsor a collection of information unless it displays a currently valid Office of Management and Budget (OMB) control number. No person shall be subject to any penalty for failing to comply with a collection of information subject to the PRA that does not display a valid OMB control number.","document_number":"2025-12398","html_url":"https://www.federalregister.gov/documents/2025/07/02/2025-12398/information-collection-being-submitted-for-review-and-approval-to-office-of-management-and-budget","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-02/pdf/2025-12398.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12398.pdf?1751373920","publication_date":"2025-07-02","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"service providers to implement STIR/SHAKEN caller ID <span class=\"match\">authentication</span> technology in the internet protocol (IP) portions of their networks and implement an effective caller ID <span class=\"match\">authentication</span> framework in the non-IP portions of their networks. Among other provisions, the TRACED Act also directs the Commission to create extension mechanisms for voice service providers. On September 29, 2020, the Commission adopted its \n Call <span class=\"match\">Authentication</span> Trust Anchor Second Report and Order. See Call <span class=\"match\">Authentication</span> Trust Anchor, \n WC Docket No. 17-97, Second Report and"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-003-11-Cyber Security-Security Management Controls","type":"Proposed Rule","abstract":"The Federal Energy Regulatory Commission (Commission) proposes to approve Critical Infrastructure Protection (CIP) Reliability Standard: CIP-003-11 (Cyber Security--Security Management Controls). The North American Electric Reliability Corporation, the Commission- certified electric reliability organization, submitted the proposed Reliability Standard modifications to mitigate risks posed by a coordinated cyberattack on low impact facilities; the aggregate impact of which could be much greater.","document_number":"2025-18396","html_url":"https://www.federalregister.gov/documents/2025/09/23/2025-18396/critical-infrastructure-protection-reliability-standard-cip-003-11-cyber-security-security","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-09-23/pdf/2025-18396.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-18396.pdf?1758545114","publication_date":"2025-09-23","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"entities to implement controls to <span class=\"match\">authenticate</span> users prior to permitting access to networks containing low impact BES Cyber Systems or Shared Cyber Infrastructure that supports a low impact BES Cyber System.\n 22 \n \n In addition, NERC explains that proposed Attachment 1, Section 3.1.4 would require responsible entities to protect their user <span class=\"match\">authentication</span> information while in transit between a remote user's Cyber Asset and either the asset containing the low impact BES Cyber Systems or the entity's <span class=\"match\">authentication</span> system.\n 23 \n \n \n \n \n 20 \n  \n Id."},{"title":"Protecting the Nation's Communications Systems From Cybersecurity Threats","type":"Notice","abstract":"In this document, the Federal Communications Commission (\"Commission\" or \"FCC\") announces that it has reconsidered and rescinded a prior Declaratory Ruling and Notice of Proposed Rulemaking, neither of which had been published in the Federal Register. The Declaratory Ruling misconstrued the Communications Assistance for Law Enforcement Act (CALEA), and the Notice of Proposed Rulemaking was based in part on the Declaratory Ruling's flawed legal analysis and proposed ineffective cybersecurity requirements. This Order follows the FCC's engagement with providers to help strengthen their cybersecurity posture.","document_number":"2025-22830","html_url":"https://www.federalregister.gov/documents/2025/12/15/2025-22830/protecting-the-nations-communications-systems-from-cybersecurity-threats","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-12-15/pdf/2025-22830.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-22830.pdf?1765547125","publication_date":"2025-12-15","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"notice-and-comment <span class=\"match\">rulemaking</span>, that requires licensees that operate submarine cable networks to create and implement cybersecurity risk <span class=\"match\">management</span> plans. That action included a Further Notice of Proposed <span class=\"match\">Rulemaking</span> that proposes to fast-track submarine cable applications by presumptively exempting them from Executive Branch review if they meet certain enhanced physical and cybersecurity standards, among other requirements. \n In May 2025, the Commission also adopted a Report and Order and Further Notice of Proposed <span class=\"match\">Rulemaking</span> adopting rules to ensure"},{"title":"Call Authentication Trust Anchor","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission) takes further steps to combat illegally spoofed robocalls by strengthening and expanding caller ID authentication and robocall mitigation obligations and creating new mechanisms to hold providers accountable for violations of the Commission's rules.","document_number":"2023-12142","html_url":"https://www.federalregister.gov/documents/2023/06/21/2023-12142/call-authentication-trust-anchor","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-06-21/pdf/2023-12142.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-12142.pdf?1687265121","publication_date":"2023-06-21","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"require response within 24 hours in the \n Fifth Caller ID <span class=\"match\">Authentication</span> Report and Order, \n 87 FR 42916 (July 18, 2022). As a result of that action, intermediate providers may decline to <span class=\"match\">authenticate</span> caller ID information given that compliance with the traceback alternative has been made mandatory. In the \n Fifth Caller ID <span class=\"match\">Authentication</span> Further Notice of Proposed <span class=\"match\">Rulemaking</span> (FNPRM), \n 87 FR 42670 (July 18, 2022), the Commission proposed closing this gap in the STIR/SHAKEN caller ID <span class=\"match\">authentication</span> regime by requiring all U.S. intermediate providers in"},{"title":"Call Authentication Trust Anchor","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) seeks comment on additional measures to strengthen its caller ID authentication framework and further stem the tide of illegally spoofed calls. Specifically, this document seeks comment on the use of third-party caller ID authentication solutions, including whether any changes should be made to the Commission's rules to permit, prohibit, or limit their use. It also seeks comment on whether to eliminate the STIR/SHAKEN implementation extension for providers that cannot obtain Service Provider Code (SPC) tokens, which are necessary to participate in the STIR/SHAKEN caller ID authentication framework.","document_number":"2023-09543","html_url":"https://www.federalregister.gov/documents/2023/05/05/2023-09543/call-authentication-trust-anchor","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-05-05/pdf/2023-09543.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-09543.pdf?1683204319","publication_date":"2023-05-05","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"to the \n Fifth Caller ID <span class=\"match\">Authentication</span> Further Notice \n indicates that there could be benefits to explicitly authorizing third-party <span class=\"match\">authentication</span> arrangements. For instance, some commenters suggest that third-party <span class=\"match\">authentication</span> can strengthen the caller ID <span class=\"match\">authentication</span> regime by enabling STIR/SHAKEN to be applied to calls that would otherwise be transmitted without <span class=\"match\">authentication</span>. The Commission seeks comment on the full range of benefits that could result from authorization of different third-party <span class=\"match\">authentication</span> arrangements. The Commission"},{"title":"EDGAR Filer Access and Account Management","type":"Rule","abstract":"The Securities and Exchange Commission (\"Commission\") is adopting rule and form amendments concerning access to and management of accounts on the Commission's Electronic Data Gathering, Analysis, and Retrieval system (\"EDGAR\") that are related to certain technical changes to EDGAR (collectively referred to as \"EDGAR Next\"). EDGAR Next will improve the security of EDGAR, enhance filers' ability to manage their EDGAR accounts, and modernize connections to EDGAR. The amendments require electronic filers (\"filers\") to authorize and maintain designated individuals as account administrators and to take certain actions, through their account administrators, to manage their accounts on EDGAR. Further, pursuant to these amendments, filers may only authorize individuals as account administrators or in the other roles described herein if those individuals first obtain individual account credentials in the manner specified in the EDGAR Filer Manual. As part of the EDGAR Next changes, optional Application Programming Interfaces (\"APIs\") will be offered to filers for machine-to-machine communication with EDGAR. Moreover, we are amending Volume I of the EDGAR Filer Manual to accord with these changes. Filers will have 12 months from the issuance of this release to transition to EDGAR Next.","document_number":"2024-30494","html_url":"https://www.federalregister.gov/documents/2024/12/27/2024-30494/edgar-filer-access-and-account-management","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-12-27/pdf/2024-30494.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30494.pdf?1734642915","publication_date":"2024-12-27","agencies":[{"raw_name":"SECURITIES AND EXCHANGE COMMISSION","name":"Securities and Exchange Commission","id":466,"url":"https://www.federalregister.gov/agencies/securities-and-exchange-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/466","parent_id":null,"slug":"securities-and-exchange-commission"}],"excerpts":"Login.gov \n <span class=\"match\">authentication</span> applications include Android and iOS options (Google <span class=\"match\">Authenticator</span>, Authy, LastPass, 1Password), Windows and Mac apps (1Password and OTP Manager), and Chrome extensions (<span class=\"match\">Authenticator</span>). \n See generally \n \n Login.gov, \n <span class=\"match\">Authentication</span> Options at \n https://www.login.gov/help/get-started/<span class=\"match\">authentication</span>-options/. \n \n \n \n Another commenter asserted that in lieu of individual account credentials and multifactor <span class=\"match\">authentication</span>, as contemplated in the Proposing Release, \n Login.gov \n should allow EDGAR <span class=\"match\">authentication</span> via EDGAR Next"},{"title":"Adoption of Updated EDGAR Filer Manual","type":"Rule","abstract":"The Securities and Exchange Commission (\"Commission\") is adopting amendments to Volume II of the Electronic Data Gathering, Analysis, and Retrieval system Filer Manual (\"EDGAR Filer Manual\" or \"Filer Manual\") and related rules and forms. Certain updates reflect and identify changes to EDGAR made in connection with EDGAR Release 25.2. Additional updates reflect and identify changes to EDGAR made in connection with the Commission's September 27, 2024 EDGAR Filer Access and Account Management rulemaking (\"EDGAR Next\").","document_number":"2025-12286","html_url":"https://www.federalregister.gov/documents/2025/07/01/2025-12286/adoption-of-updated-edgar-filer-manual","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-01/pdf/2025-12286.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12286.pdf?1751287532","publication_date":"2025-07-01","agencies":[{"raw_name":"SECURITIES AND EXCHANGE COMMISSION","name":"Securities and Exchange Commission","id":466,"url":"https://www.federalregister.gov/agencies/securities-and-exchange-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/466","parent_id":null,"slug":"securities-and-exchange-commission"}],"excerpts":"Next rule and form amendments related to EDGAR filer access and account <span class=\"match\">management</span>.\n 4 \n \n As part of the EDGAR Next <span class=\"match\">rulemaking</span>, the Commission approved changes to Volume I of the Filer Manual to be effective March 24, 2025, and indicated that it expected to adopt changes to Volume II of the Filer Manual at a future date. Changes to Volume II were not adopted at that time because it was expected that Volume II would subsequently be amended related to other Commission <span class=\"match\">rulemaking</span> in upcoming quarterly releases.\n \n \n \n 4 \n  \n See \n footnote 2.\n \n \n The"},{"title":"Unaccompanied Children Program Foundational Rule; Sponsor Assessment Update To Include Proof of Identity, Background Check, Placement, and Income Verification Standards","type":"Proposed Rule","abstract":"This notice of proposed rulemaking (NPRM, or proposed rule) would establish certain additional requirements for sponsor suitability assessments related to proof of identity, proof of income, and other information required for background checks to promote the safe placement of unaccompanied alien children (UAC). This NPRM proposes acceptable documentation for proof of identity and would require proof of income from potential sponsors of UAC in ORR custody by reason of their immigration status, as described in the Homeland Security Act of 2002 (HSA) and the William Wilberforce Trafficking Victims Protection Reauthorization Act of 2008 (TVPRA). This NPRM also proposes amendments to background check requirements for sponsor suitability assessments and the conduct of examinations of UAC related to considerations of UAC dangerousness to self or others that align with the One Big Beautiful Bill Act. Finally, this NPRM proposes certain administrative updates to align numbering and terminology between proposals and existing regulations. The docket on https://www.regulations.gov will include a plain language summary of the NPRM.","document_number":"2026-12946","html_url":"https://www.federalregister.gov/documents/2026/06/26/2026-12946/unaccompanied-children-program-foundational-rule-sponsor-assessment-update-to-include-proof-of","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-26/pdf/2026-12946.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-12946.pdf?1782391518","publication_date":"2026-06-26","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Administration for Children and Families","name":"Children and Families Administration","id":49,"url":"https://www.federalregister.gov/agencies/children-and-families-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/49","parent_id":221,"slug":"children-and-families-administration"}],"excerpts":"are more difficult to falsify and may be more readily <span class=\"match\">authenticated</span> relative to documents ORR has accepted in the past, such as those with which ORR had to liaise with the Department of State, foreign consulates, and embassies to verify. ORR notes, with respect to foreign-issued documents, that it has historically had difficulty coordinating with foreign governments to <span class=\"match\">authenticate</span> documents and as further discussed below, not only do the practices of each government vary for <span class=\"match\">authenticating</span> documents, but so do foreign governments' responsiveness"},{"title":"Required Rulemaking on Personal Financial Data Rights","type":"Rule","abstract":"The Consumer Financial Protection Bureau (CFPB) is issuing a final rule to carry out the personal financial data rights established by the Consumer Financial Protection Act of 2010 (CFPA). The final rule requires banks, credit unions, and other financial service providers to make consumers' data available upon request to consumers and authorized third parties in a secure and reliable manner; defines obligations for third parties accessing consumers' data, including important privacy protections; and promotes fair, open, and inclusive industry standards.","document_number":"2024-25079","html_url":"https://www.federalregister.gov/documents/2024/11/18/2024-25079/required-rulemaking-on-personal-financial-data-rights","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-11-18/pdf/2024-25079.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-25079.pdf?1731678320","publication_date":"2024-11-18","agencies":[{"raw_name":"Consumer Financial Protection Bureau","name":"Consumer Financial Protection Bureau","id":573,"url":"https://www.federalregister.gov/agencies/consumer-financial-protection-bureau","json_url":"https://www.federalregister.gov/api/v1/agencies/573","parent_id":null,"slug":"consumer-financial-protection-bureau"}],"excerpts":"in a <span class=\"match\">rulemaking</span> focused on data broker activities (Data Broker <span class=\"match\">Rulemaking</span>).\n \n With respect to the sequencing of the Personal Financial Data Rights and the Medical Debt and Data Broker <span class=\"match\">rulemakings</span>, the fact that this final rule does not change what a person would need to do to comply with its existing obligations under the FCRA means that completing the Medical Debt and Data Broker <span class=\"match\">rulemakings</span> is not necessary to finalize this <span class=\"match\">rulemaking</span>. The CFPB will consider feedback received in the course of the Medical Debt and Data Broker <span class=\"match\">rulemakings</span>, evaluate"},{"title":"Enhancing Surface Cyber Risk Management","type":"Proposed Rule","abstract":"The Transportation Security Administration (TSA) is proposing to impose cyber risk management (CRM) requirements on certain pipeline and rail owner/operators and a more limited requirement, on certain over-the-road bus (OTRB) owner/operators, to report cybersecurity incidents. With the proposed addition of requirements applicable to pipeline facilities and systems, TSA is also proposing that a requirement to have a Physical Security Coordinator and report significant physical security concerns be extended to the same facilities and systems. Finally, TSA is proposing clarifications and reorganization of other regulatory requirements necessitated by these changes.","document_number":"2024-24704","html_url":"https://www.federalregister.gov/documents/2024/11/07/2024-24704/enhancing-surface-cyber-risk-management","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-11-07/pdf/2024-24704.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-24704.pdf?1730900722","publication_date":"2024-11-07","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Transportation Security Administration","name":"Transportation Security Administration","id":494,"url":"https://www.federalregister.gov/agencies/transportation-security-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/494","parent_id":227,"slug":"transportation-security-administration"}],"excerpts":"in paragraph (b)(1)(i) of this section. \n (2) Multi-factor <span class=\"match\">authentication</span>, or other logical/virtual and physical security controls to supplement memorized secret <span class=\"match\">authenticators</span> (such as passwords) to provide risk mitigation commensurate to multi-factor <span class=\"match\">authentication</span>. If an owner/operator does not apply multi-factor <span class=\"match\">authentication</span> for access to Operational Technology components or assets, the owner/operator must specify what compensating controls are used to manage access. \n (3) <span class=\"match\">Management</span> of access rights based on the principles of least privilege"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, the DoD is creating a new system of records titled \"Suspension and Debarment Records,\" DoD-0027. This system of records notice (SORN) is being established to collect and document decisions regarding suspension, debarment, or other administrative remedy under the Federal Acquisition Regulation, or the Non-procurement Common Rule. Additionally, DoD is issuing a Notice of Proposed Rulemaking, which proposes to exempt this system of records from certain provisions of the Privacy Act, elsewhere in today's issue of the Federal Register.","document_number":"2025-14139","html_url":"https://www.federalregister.gov/documents/2025/07/28/2025-14139/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-28/pdf/2025-14139.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-14139.pdf?1753447512","publication_date":"2025-07-28","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"administrative, technical, and physical safeguards to information systems and paper recordkeeping systems such as the following: multifactor <span class=\"match\">authentication</span>, including CAC <span class=\"match\">authentication</span> and password; physical token as required; physical and technological access controls governing access to data; network encryption to protect data transmitted over the network; disk encryption security disks storing data; key <span class=\"match\">management</span> services to safeguard encryption keys; masking of sensitive data as practicable; mandatory information assurance and privacy training for"},{"title":"Advancing IP Interconnection","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) adopted a Notice of Proposed Rulemaking that proposes to eliminate burdensome legacy interconnection regulations that may prevent providers of modern, internet Protocol (IP)-based networks from interconnecting efficiently, and also seeks comment on ways the Commission can facilitate a successful transition to all-IP interconnection for voice services while retaining critical oversight in areas of public safety and consumer protection, and ensuring competition. The Notice of Proposed Rulemaking proposes to forbear from incumbent local exchange carrier (LEC)-specific interconnection and related obligations, and to eliminate the Commission's rules implementing those provisions by December 31, 2028. The Commission also seeks comment on whether and to what extent eliminating the incumbent LEC-specific interconnection regulatory framework may affect other statutory frameworks or Commission rules, and whether the Commission should revisit any other provisions or rules that are rendered redundant by the elimination of incumbent LECs' interconnection obligations. Finally, the Commission seeks comment on what, if any, regulatory framework for IP interconnection should replace the current interconnection framework under section 251(c)(2), and on the scope of the Commission's authority to regulate IP interconnection under any such framework.","document_number":"2025-21324","html_url":"https://www.federalregister.gov/documents/2025/11/26/2025-21324/advancing-ip-interconnection","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-11-26/pdf/2025-21324.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-21324.pdf?1764078345","publication_date":"2025-11-26","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"Caller ID <span class=\"match\">Authentication</span> NPRM, \n which would give providers two years to either upgrade their networks to IP or to implement a non-IP caller ID <span class=\"match\">authentication</span> solution, to December 31, 2028, or whatever sunset date we ultimately adopt. We believe that aligning the dates of our proposals in this manner best facilitates the goals of each item and avoids any inconsistencies or redundancies that might otherwise arise. Do commenters agree? What other considerations should we take into account in light of the \n Non-IP Caller ID <span class=\"match\">Authentication</span> NPRM' \n s"},{"title":"Information Collections Being Submitted for Review and Approval to Office of Management and Budget","type":"Notice","abstract":"As part of its continuing effort to reduce paperwork burdens, as required by the Paperwork Reduction Act (PRA) of 1995, the Federal Communications Commission (FCC or the Commission) invites the general public and other Federal Agencies to take this opportunity to comment on the following information collection. Pursuant to the Small Business Paperwork Relief Act of 2002, the FCC seeks specific comment on how it might \"further reduce the information collection burden for small business concerns with fewer than 25 employees.\" The Commission may not conduct or sponsor a collection of information unless it displays a currently valid Office of Management and Budget (OMB) control number. No person shall be subject to any penalty for failing to comply with a collection of information subject to the PRA that does not display a valid OMB control number.","document_number":"2024-25103","html_url":"https://www.federalregister.gov/documents/2024/10/29/2024-25103/information-collections-being-submitted-for-review-and-approval-to-office-of-management-and-budget","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-10-29/pdf/2024-25103.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-25103.pdf?1730119530","publication_date":"2024-10-29","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"seeks specific comment on how it might “further reduce the information collection burden for small business \n \n concerns with fewer than 25 employees.”\n \n The Commission may not conduct or sponsor a collection of information unless it displays a currently valid Office of <span class=\"match\">Management</span> and Budget (OMB) control number. No person shall be subject to any penalty for failing to comply with a collection of information subject to the PRA that does not display a valid OMB control number. \n \n \n DATES: \n Written comments and recommendations for the proposed information"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, the DoD is modifying and reissuing a current system of records notice titled \"Case Reporting and Information Management System Records,\" CIG-04. The system of records is being retitled, \"Inspector General Criminal Investigation Records (IGCIR).\" This system of records was originally established by the DoD OIG to collect and maintain records on individuals suspected of criminal misconduct and investigated pursuant to the Inspector General Act. This system of records is being combined with CIG-06, \"Investigative Files,\" to consolidate criminal investigative records and investigative files into a single system. A separate notice rescinding CIG-06 is being published elsewhere in today's issue of the Federal Register. This system of records notice (SORN) is being updated to incorporate the DoD standard routine uses and to support additional information sharing outside of the DoD in furtherance of external oversight, case management, and required reporting. The DoD is also modifying various other sections within the SORN to add exemptions, improve clarity, and update information that has changed. Additionally, the DoD is issuing a Notice of Proposed Rulemaking (NPRM), which proposes to exempt this system of records from certain provisions of the Privacy Act, elsewhere in today's issue of the Federal Register.","document_number":"2026-06950","html_url":"https://www.federalregister.gov/documents/2026/04/10/2026-06950/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-10/pdf/2026-06950.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-06950.pdf?1775738713","publication_date":"2026-04-10","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"updated to incorporate the DoD standard routine uses and to support additional information sharing outside of the DoD in furtherance of external oversight, case <span class=\"match\">management</span>, and required reporting. The DoD is also modifying various other sections within the SORN to add exemptions, improve clarity, and update information that has changed. Additionally, the DoD is issuing a Notice of Proposed <span class=\"match\">Rulemaking</span> (NPRM), which proposes to exempt this system of records from certain provisions of the Privacy Act, elsewhere in today's issue of the \n Federal Register "},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, the DoD is establishing a new Department-wide system of records titled, \"Counterintelligence Investigations and Collection Activities (CICA),\" DoD-0025. This system of records covers DoD's maintenance of records about counterintelligence (CI) investigations and collection activities. The purpose of CICA is to determine whether an individual is acting for or on behalf of foreign powers organizations, or persons, or their agents, or international terrorist organizations or activities. This differs from the purpose of Counterintelligence Functional Services (CIFS), DoD-0010, which protects Department resources and personnel from foreign adversaries who seek to exploit sensitive information, operations, and agency programs to the detriment of the U.S. Government. It is also separate from the purpose of the DoD Insider Threat Management and Analysis Center (DITMAC) and DoD Component Insider Threat Records System, DUSDI 01-DoD, which addresses security functions. Additionally, DoD is issuing a Notice of Proposed Rulemaking, which proposes to exempt this system of records from certain provisions of the Privacy Act, elsewhere in today's issue of the Federal Register.","document_number":"2025-13582","html_url":"https://www.federalregister.gov/documents/2025/07/21/2025-13582/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-21/pdf/2025-13582.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-13582.pdf?1752842708","publication_date":"2025-07-21","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"administrative, technical, and physical safeguards to information systems and paper recordkeeping systems such as the following: multifactor <span class=\"match\">authentication</span>, including CAC <span class=\"match\">authentication</span> and password; physical token as required; physical and technological access controls governing access to data; network encryption to protect data transmitted over the network; disk encryption security disks storing data; key <span class=\"match\">management</span> services to safeguard encryption keys; masking of sensitive data as practicable; mandatory information assurance and privacy training for"}]}