{"description":"Documents matching 'Cybersecurity Monitoring IT Services'","count":1167,"total_pages":50,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=Cybersecurity+Monitoring+IT+Services&format=json&page=2","results":[{"title":"Cybersecurity in the Marine Transportation System","type":"Rule","abstract":"The Coast Guard is updating its maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These include requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system. The Coast Guard is also seeking comments on a potential delay for the implementation periods for U.S.-flagged vessels.","document_number":"2025-00708","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-00708/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-00708.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00708.pdf?1736802922","publication_date":"2025-01-17","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"by establishing minimum <span class=\"match\">cybersecurity</span> requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging <span class=\"match\">cybersecurity</span> threats in the marine transportation system by adding minimum <span class=\"match\">cybersecurity</span> requirements to help detect risks and respond to and recover from <span class=\"match\">cybersecurity</span> incidents. These include requirements to develop and maintain a <span class=\"match\">Cybersecurity</span> Plan, designate a <span class=\"match\">Cybersecurity</span> Officer, and take various"},{"title":"Fine Denier Polyester Staple Fiber: Monitoring Developments in the Domestic Industry; Institution and Scheduling Notice for the Subject Investigation","type":"Notice","abstract":"The Commission has instituted investigation No. TA-201-78 (Monitoring), Fine Denier Polyester Staple Fiber: Report on Monitoring of Developments in the Domestic Industry, for the purpose of preparing the report to the President and the Congress required by section 204(a)(2) of the Trade Act of 1974 on its monitoring of developments in the domestic industry following the President's decision to impose a safeguard measure on imports of fine denier polyester staple fiber (\"fine denier PSF\"), as described in Proclamation 10857 of November 8, 2024.","document_number":"2026-10545","html_url":"https://www.federalregister.gov/documents/2026/05/28/2026-10545/fine-denier-polyester-staple-fiber-monitoring-developments-in-the-domestic-industry-institution-and","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-05-28/pdf/2026-10545.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-10545.pdf?1779885908","publication_date":"2026-05-28","agencies":[{"raw_name":"INTERNATIONAL TRADE COMMISSION","name":"International Trade Commission","id":262,"url":"https://www.federalregister.gov/agencies/international-trade-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/262","parent_id":null,"slug":"international-trade-commission"}],"excerpts":"ACTION: \n Notice. \n \n \n SUMMARY: \n The Commission has instituted investigation No. TA-201-78 (<span class=\"match\">Monitoring</span>), Fine Denier Polyester Staple Fiber: Report on <span class=\"match\">Monitoring</span> of Developments in the Domestic Industry, for the purpose of preparing the report to the President and the Congress required by section 204(a)(2) of the Trade Act of 1974 on its <span class=\"match\">monitoring</span> of developments in the domestic industry following the President's decision to impose a safeguard measure on imports of fine denier polyester staple fiber (“fine denier PSF”), as described in Proclamation"},{"title":"Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)","type":"Rule","abstract":"DoD is issuing a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the final Cybersecurity Maturity Model Certification program rule, titled Cybersecurity Maturity Model Certification Program. This final DFARS rule also partially implements a section of the National Defense Authorization Act for Fiscal Year 2020 that directed the Secretary of Defense to develop a consistent, comprehensive framework to enhance cybersecurity for the U.S. defense industrial base.","document_number":"2025-17359","html_url":"https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-09-10/pdf/2025-17359.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-17359.pdf?1757421911","publication_date":"2025-09-10","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Defense Acquisition Regulations System","name":"Defense Acquisition Regulations System","id":97,"url":"https://www.federalregister.gov/agencies/defense-acquisition-regulations-system","json_url":"https://www.federalregister.gov/api/v1/agencies/97","parent_id":103,"slug":"defense-acquisition-regulations-system"}],"excerpts":"Notice of <span class=\"match\">Cybersecurity</span> Maturity Model Certification Level Requirements (Nov 2025) \n \n (a) \n Definitions. \n As used in this provision, \n controlled unclassified information (CUI), current, \n \n <span class=\"match\">Cybersecurity</span> Maturity Model Certification (CMMC) status, <span class=\"match\">Cybersecurity</span> Maturity Model Certification unique identifier (CMMC UID), \n \n Federal contract information (FCI), \n and \n Plan of action and milestones \n have the meaning given in the Defense Federal Acquisition Regulation Supplement 252.204-7021, Contractor Compliance With the <span class=\"match\">Cybersecurity</span> Maturity"},{"title":"Schools and Libraries Cybersecurity Pilot Program","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) stablishes the Schools and Libraries Cybersecurity Pilot Program (Pilot or Pilot Program). The Pilot Program will enable the Commission to evaluate the impact that using Universal Service Fund (USF or Fund) support for eligible cybersecurity services and equipment will have on protecting school and library broadband networks and data. In so doing, the Commission seeks to address the apparent needs of schools and libraries for additional support for cybersecurity services and equipment, while evaluating the impact that providing that support would have on the USF.","document_number":"2024-15866","html_url":"https://www.federalregister.gov/documents/2024/07/30/2024-15866/schools-and-libraries-cybersecurity-pilot-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-30/pdf/2024-15866.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-15866.pdf?1722257112","publication_date":"2024-07-30","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"the Commission can gather key data on the types of <span class=\"match\">cybersecurity</span> <span class=\"match\">services</span> and equipment that K-12 schools and libraries need to protect their broadband networks and securely connect students, school staff, and library patrons to advanced communications that are integral to education. The Pilot Program will evaluate whether supporting <span class=\"match\">cybersecurity</span> <span class=\"match\">services</span> and equipment with universal <span class=\"match\">service</span> funds advances the key universal <span class=\"match\">service</span> principles of providing quality internet and broadband <span class=\"match\">services</span> to K-12 schools and libraries at just, reasonable,"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"Through Strengthening <span class=\"match\">Cybersecurity</span>,” \n supra \n note 306.\n \n \n \n \n 313 \n  \n See, e.g., \n “Free <span class=\"match\">Cybersecurity</span> <span class=\"match\">Services</span> and Tools,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure Security Agency, U.S. Department of Homeland Security, \n https://www.cisa.gov/resources-tools/resources/free-<span class=\"match\">cybersecurity</span>-<span class=\"match\">services</span>-and-tools; \n “Cyber Hygiene <span class=\"match\">Services</span>,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure Security Agency, U.S. Department of Homeland Security, \n https://www.cisa.gov/cyber-hygiene-<span class=\"match\">services</span>; \n “<span class=\"match\">Cybersecurity</span> Resources for High-Risk Communities,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure"},{"title":"Notice of Solicitation of Proposals for the Department of Defense University Consortium for Cybersecurity Support Center","type":"Notice","abstract":"The Secretary of Defense has determined the need for a Support Center (Center) for the University Consortium for Cybersecurity (UC2). The Center will provide, during a two-year term, administrative support for the academic research and engagement activities of UC2. To be eligible, interested institutions must have been designated as National Centers of Academic Excellence (NCAE) in cybersecurity for at least 24 months from the date of the publication of this notice and, further, must demonstrate an understanding of cybersecurity research, be eligible for access to classified material, and demonstrate commitment to the UC2 mission of a closer collaboration between academia and the DoD.","document_number":"2024-20652","html_url":"https://www.federalregister.gov/documents/2024/09/12/2024-20652/notice-of-solicitation-of-proposals-for-the-department-of-defense-university-consortium-for","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-12/pdf/2024-20652.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-20652.pdf?1726058734","publication_date":"2024-09-12","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"designation was created to manage a collaborative <span class=\"match\">cybersecurity</span> educational program with community colleges, colleges, and universities that: (1) establishes standards for <span class=\"match\">cybersecurity</span> curriculum and academic excellence; (2) includes competency development among students and faculty; (3) values community outreach and leadership in professional development; (4) integrates <span class=\"match\">cybersecurity</span> practice within the institution across academic disciplines; and (5) actively engages in solutions to challenges facing <span class=\"match\">cybersecurity</span> education. \n There are three types of designations:"},{"title":"Cybersecurity Maturity Model Certification (CMMC) Program","type":"Rule","abstract":"With this final rule, DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance. This rule will be updated as needed, using the appropriate rulemaking process, to address evolving cybersecurity standards, requirements, threats, and other relevant changes.","document_number":"2024-22905","html_url":"https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22905.pdf?1728650732","publication_date":"2024-10-15","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"has revised the rule to reduce the assessment burden on External <span class=\"match\">Service</span> Providers (ESP). ESP assessment, certification, and authorization requirements in §§  170.19(c)(2) and (d)(2) have been updated. The use of an ESP, its relationship to the OSA, and the <span class=\"match\">services</span> provided need to be documented in the OSA's SSP and described in the ESP's <span class=\"match\">service</span> description and customer responsibility matrix (CRM), which describes the responsibilities of the OSA and ESP with respect to the <span class=\"match\">services</span> provided.\n \n ESPs that are CSPs, and process, store, or transmit"},{"title":"Cybersecurity Labeling for Internet of Things","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) establishes a voluntary cybersecurity labeling program for wireless consumer Internet of Things, or IoT, products. The program will provide consumers with an easy-to-understand and quickly recognizable FCC IoT Label that includes the U.S. Cyber Trust Mark and a QR code linked to a dynamic, decentralized, publicly available registry of more detailed cybersecurity information. This program will help consumers make safer purchasing decisions, raise consumer confidence regarding the cybersecurity of the IoT products they buy, and encourage manufacturers to develop IoT products with security-by- design principles in mind.","document_number":"2024-14148","html_url":"https://www.federalregister.gov/documents/2024/07/30/2024-14148/cybersecurity-labeling-for-internet-of-things","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-30/pdf/2024-14148.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-14148.pdf?1722257113","publication_date":"2024-07-30","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":" \n <span class=\"match\">Cybersecurity</span> Utility: \n Maintaining confidentiality, integrity, and availability of data is foundational to <span class=\"match\">cybersecurity</span> for IoT products. Customers will expect that data are protected and that protection of data helps to ensure safe and intended functionality of the IoT product.\n \n \n (4) \n Interface Access Control: \n The IoT product restricts logical access to local and network interfaces—and to protocols and <span class=\"match\">services</span> used by those interfaces—to only authorized individuals, <span class=\"match\">services</span>, and IoT product components.\n \n \n i. \n <span class=\"match\">Cybersecurity</span> Utility:"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-015-1-Cyber Security-Internal Network Security Monitoring","type":"Rule","abstract":"The Federal Energy Regulatory Commission (Commission) approves proposed Reliability Standard CIP-015-1 (Cyber Security--Internal Network Security Monitoring), which the North American Electric Reliability Corporation (NERC), submitted in response to a Commission directive. In addition, the Commission directs NERC to develop certain modifications to proposed Reliability Standard CIP-015-1 to extend internal network security monitoring to include electronic access control or monitoring systems and physical access control systems outside of the electronic security perimeter. The Commission also provides greater clarity about the term CIP-networked environment as it is used in proposed Reliability Standard CIP-015-1.","document_number":"2025-12309","html_url":"https://www.federalregister.gov/documents/2025/07/02/2025-12309/critical-infrastructure-protection-reliability-standard-cip-015-1-cyber-security-internal-network","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-02/pdf/2025-12309.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12309.pdf?1751373912","publication_date":"2025-07-02","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"NIST SP 800-82r3 at 74 (recommending the analyzing of information to differentiate between known and unknown communication as a necessary first step in implementing network security <span class=\"match\">monitoring</span>). The term INSM is used by the Commission in Order No. 887, but the <span class=\"match\">cybersecurity</span> industry uses the term “network security <span class=\"match\">monitoring</span>.”\n \n \n \n \n 92 \n  \n See \n CISA <span class=\"match\">Cybersecurity</span> Advisory at 2-6 (describing how a CISA Red Team gained access to workstations and servers from an identity and access management system serving as an electronic access control system"},{"title":"Potential Enhancements to the Critical Infrastructure Protection Reliability Standards","type":"Notice","abstract":"The Commission withdraws a notice of inquiry, which sought comment on whether the then-effective Critical Infrastructure Protection (CIP) Reliability Standards adequately addressed: cybersecurity risks pertaining to data security, detection of anomalies and events, and mitigation of cybersecurity events. The Commission also sought comment on the potential risk of a coordinated cyberattack on geographically distributed targets and whether Commission action, including potential modifications to the CIP Reliability Standards, would be appropriate to address such risk.","document_number":"2025-12265","html_url":"https://www.federalregister.gov/documents/2025/07/01/2025-12265/potential-enhancements-to-the-critical-infrastructure-protection-reliability-standards","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-01/pdf/2025-12265.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12265.pdf?1751287530","publication_date":"2025-07-01","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"and mitigation of <span class=\"match\">cybersecurity</span> events. Specifically, on January 19, 2023, the Commission issued Order No. 887 directing NERC to develop requirements for internal network security <span class=\"match\">monitoring</span>, which NERC submitted on June 24, 2024. Concurrently with this proceeding, we are approving Reliability Standard CIP-015-1 (Internal Network Security <span class=\"match\">Monitoring</span>) and directing further improvements to the Standard.\n 12 \n \n \n \n \n 12 \n  \n Critical Infrastructure Prot. Reliability Standard CIP-015-1—Cyber Sec.—Internal Network Sec. <span class=\"match\">Monitoring</span>, \n 191 FERC ¶ 61,224"},{"title":"Statement of Organization, Functions, and Delegations of Authority","type":"Notice","abstract":"The Centers for Medicare and Medicaid Services (CMS), Office of Health Technology and Products (OHTP), has been established. This new organizational component will provide enterprise leadership and oversight for CMS healthcare technology modernization, digital products, and transformation of platforms and services supporting Medicare, Medicaid, the Children's Health Insurance Program (CHIP), and other CMS-administered programs, in close coordination with the CMS Chief Information Officer (CIO) and subject to CIO-led enterprise information technology (IT) governance, cybersecurity, enterprise architecture, and capital planning and investment control responsibilities, as well as CIO-led digital service delivery, customer experience, and public digital experience responsibilities under applicable law.","document_number":"2026-11743","html_url":"https://www.federalregister.gov/documents/2026/06/11/2026-11743/statement-of-organization-functions-and-delegations-of-authority","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-11/pdf/2026-11743.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-11743.pdf?1781095520","publication_date":"2026-06-11","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"subject to CIO-led enterprise information technology (IT) governance, <span class=\"match\">cybersecurity</span>, enterprise architecture, and capital planning and investment control responsibilities, as well as CIO-led digital <span class=\"match\">service</span> delivery, customer experience, and public digital experience responsibilities under applicable law.\n \n \n \n DATES: \n This new organizational change was approved by the Secretary of Health and Human <span class=\"match\">Services</span> on June 9, 2026, and became effective that same day. \n \n \n FOR FURTHER INFORMATION CONTACT: \n Joe Kane at (410) 786-0655; 7500 Security Blvd., Baltimore"},{"title":"Strengthening and Promoting Innovation in the Nation's Cybersecurity","type":"Presidential Document","abstract":null,"document_number":"2025-01470","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting-innovation-in-the-nations-cybersecurity","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-01470.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-01470.pdf?1737054015","publication_date":"2025-01-17","agencies":[{"raw_name":"EXECUTIVE OFFICE OF THE PRESIDENT","name":"Executive Office of the President","id":538,"url":"https://www.federalregister.gov/agencies/executive-office-of-the-president","json_url":"https://www.federalregister.gov/api/v1/agencies/538","parent_id":null,"slug":"executive-office-of-the-president"}],"excerpts":"delivery of critical <span class=\"match\">services</span> across the Nation, cost billions of dollars, and undermine Americans' security and privacy. More must be done to improve the Nation's <span class=\"match\">cybersecurity</span> against these threats.\n \n Building on the foundational steps I directed in Executive Order 14028 of May 12, 2021 (Improving the Nation's <span class=\"match\">Cybersecurity</span>), and the initiatives detailed in the National <span class=\"match\">Cybersecurity</span> Strategy, I am ordering additional actions to improve our Nation's <span class=\"match\">cybersecurity</span>, focusing on defending our digital infrastructure, securing the <span class=\"match\">services</span> and capabilities"},{"title":"Cybersecurity in the Marine Transportation System","type":"Proposed Rule","abstract":"The Coast Guard proposes to update its maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002 regulations. This proposed rule would help to address current and emerging cybersecurity threats in the marine transportation system. We seek your comments on this proposed rule and whether we should: use and define the term reportable cyber incident to limit cyber incidents that trigger reporting requirements, use alternative methods of reporting such incidents, and amend the definition of hazardous condition.","document_number":"2024-03075","html_url":"https://www.federalregister.gov/documents/2024/02/22/2024-03075/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-02-22/pdf/2024-03075.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-03075.pdf?1708523113","publication_date":"2024-02-22","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"Maintenance); \n (7) <span class=\"match\">Cybersecurity</span> measures for access control, including computer, IT, and OT areas (see proposed § 101.650(a) <span class=\"match\">Cybersecurity</span> Measures: Account Measures); \n (8) Physical security controls for IT and OT systems (see proposed § 101.650(i) <span class=\"match\">Cybersecurity</span> Measures: Physical Security); \n (9) <span class=\"match\">Cybersecurity</span> measures for <span class=\"match\">monitoring</span> (see proposed § 101.650(f) <span class=\"match\">Cybersecurity</span> Measures: Supply Chain; (h) Network Segmentation; (i) Physical Security); \n (10) Audits and amendments to the <span class=\"match\">Cybersecurity</span> Plan (see proposed § 101.630(f) <span class=\"match\">Cybersecurity</span> Plan: Audits);"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-015-1-Cyber Security-Internal Network Security Monitoring","type":"Proposed Rule","abstract":"The Federal Energy Regulatory Commission (Commission) proposes to approve proposed Reliability Standard CIP-015-1 (Cyber Security-- Internal Network Security Monitoring), which the North American Electric Reliability Corporation (NERC), submitted in response to a Commission directive. In addition, the Commission proposes to direct that NERC develop certain modifications to proposed Reliability Standard CIP-015-1 to extend internal network security monitoring to include electronic access control or monitoring systems and physical access control systems outside of the electronic security perimeter.","document_number":"2024-22231","html_url":"https://www.federalregister.gov/documents/2024/09/27/2024-22231/critical-infrastructure-protection-reliability-standard-cip-015-1-cyber-security-internal-network","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-27/pdf/2024-22231.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22231.pdf?1727354733","publication_date":"2024-09-27","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"Internal Network Security <span class=\"match\">Monitoring</span> (INSM) \n 4 \n \n to include electronic access control or <span class=\"match\">monitoring</span> systems (EACMS) \n 5 \n \n and physical access control systems (PACS) \n 6 \n \n outside of the electronic security perimeter.\n \n \n \n 1 \n  16 U.S.C. 824o(d)(2).\n \n \n \n \n 2 \n  \n Internal Network Sec. <span class=\"match\">Monitoring</span> for High &amp; Medium Impact Bulk Elec. Sys. Cyber Sys., \n Order No. 887, 88 FR 8354 (Feb. 9, 2023), 182 FERC ¶ 61,021 (2023).\n \n \n \n \n 3 \n  16 U.S.C. 824o(d)(5).\n \n \n \n \n 4 \n  INSM is “a subset of network security <span class=\"match\">monitoring</span> that is applied within"},{"title":"Schools and Libraries Cybersecurity Pilot Program","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) proposes a three-year pilot program within the Universal Service Fund (USF or Fund) to provide up to $200 million available to support cybersecurity and advanced firewall services for eligible schools and libraries.","document_number":"2023-27811","html_url":"https://www.federalregister.gov/documents/2023/12/29/2023-27811/schools-and-libraries-cybersecurity-pilot-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-12-29/pdf/2023-27811.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-27811.pdf?1703771112","publication_date":"2023-12-29","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"U.S. consumers. \n II. Discussion \n \n 5. Mindful of the need to protect universal <span class=\"match\">service</span> funding and aware that basic firewall <span class=\"match\">services</span> may be insufficient alone to protect E-Rate-funded broadband networks, the Commission proposes a three-year Pilot program to ascertain whether supporting <span class=\"match\">cybersecurity</span> and advanced firewall <span class=\"match\">services</span> with universal <span class=\"match\">service</span> support could advance the key universal <span class=\"match\">service</span> principles of providing quality internet and broadband <span class=\"match\">services</span> to K-12 schools and libraries at just, reasonable, and affordable rates; and ensuring"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO), and Infrastructure and Operations (IOO), is issuing a public notice of its intent to establish a Privacy Act System of Records Notice (SORN) titled \"Sumo Logic.\" Sumo Logic serves as HUD's Security Information and Event Management (SIEM) tool, supporting centralized log collection, aggregation, and security monitoring. It collects system log data from HUD applications, infrastructure, security tools, and cloud platforms, and performs event correlation, custom searches, dashboard monitoring, scheduled reporting, and other standard security monitoring. This newly established system will be included in HUD's inventory of record systems.","document_number":"2026-11613","html_url":"https://www.federalregister.gov/documents/2026/06/10/2026-11613/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-10/pdf/2026-11613.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-11613.pdf?1781009113","publication_date":"2026-06-10","agencies":[{"raw_name":"DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT","name":"Housing and Urban Development Department","id":228,"url":"https://www.federalregister.gov/agencies/housing-and-urban-development-department","json_url":"https://www.federalregister.gov/api/v1/agencies/228","parent_id":null,"slug":"housing-and-urban-development-department"}],"excerpts":"System Modernization Act of 2014 (FISMA), Public Law 113-283, 44 U.S.C. 3554; Executive Order 14028, Improving the Nation's <span class=\"match\">Cybersecurity</span> (May 12, 2021); and OMB Memorandum 21-31, Improving the Federal Government's Investigative and Remediation Capabilities Related to <span class=\"match\">Cybersecurity</span> Incidents (August 27, 2021). \n PURPOSE(S) OF THE SYSTEM: \n Sumo Logic supports HUD's <span class=\"match\">cybersecurity</span> operations by enabling centralized system <span class=\"match\">monitoring</span>, threat detection, event correlation and incident investigation. \n CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: \n The"},{"title":"Privacy Act of 1974; Systems of Records","type":"Notice","abstract":"Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108, notice is hereby given that the Justice Management Division (JMD), a component within the United States Department of Justice (DOJ or Department), proposes to modify the system of records titled Security Monitoring and Analytics Service Records, JUSTICE/JMD-026, updating the capabilities and offerings included in it.","document_number":"2025-09447","html_url":"https://www.federalregister.gov/documents/2025/06/02/2025-09447/privacy-act-of-1974-systems-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-06-02/pdf/2025-09447.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-09447.pdf?1748609107","publication_date":"2025-06-02","agencies":[{"raw_name":"DEPARTMENT OF JUSTICE","name":"Justice Department","id":268,"url":"https://www.federalregister.gov/agencies/justice-department","json_url":"https://www.federalregister.gov/api/v1/agencies/268","parent_id":null,"slug":"justice-department"}],"excerpts":"Office of the Chief Information Officer (OCIO), <span class=\"match\">Cybersecurity</span> <span class=\"match\">Services</span> Staff (CSS), developed the Security <span class=\"match\">Monitoring</span> and Analytics <span class=\"match\">Service</span> (SMAS) to provide DOJ-managed information technology (IT) <span class=\"match\">service</span> offerings to other federal agencies wishing to leverage DOJ's <span class=\"match\">cybersecurity</span> <span class=\"match\">services</span>, referred to as “external federal agency subscribers.” 28 U.S.C. 527 establishes a working capital fund for the Department of Justice, which enables the Department to recover operational expenses for certain <span class=\"match\">services</span> delivered to other federal agencies. SMAS has"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, and the Office of Management and Budget (OMB) Circular No. A-108, notice is given that the Office of Personnel Management (OPM) proposes to establish a new system of records titled, \"OPM/Internal-3, Information Technology, Information System, and Network Activity and Access Records.\" This new system is established to reflect changes in technology, including the increased ability of OPM to link individuals to information technology, information system, or network activity, and to better describe OPM's records linking individuals to reported cybersecurity incidents or their access to certain OPM information technologies, information systems, and networks through the internet or other authorized connections.","document_number":"2025-19092","html_url":"https://www.federalregister.gov/documents/2025/10/01/2025-19092/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-10-01/pdf/2025-19092.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-19092.pdf?1759236309","publication_date":"2025-10-01","agencies":[{"raw_name":"OFFICE OF PERSONNEL MANAGEMENT","name":"Personnel Management Office","id":406,"url":"https://www.federalregister.gov/agencies/personnel-management-office","json_url":"https://www.federalregister.gov/api/v1/agencies/406","parent_id":null,"slug":"personnel-management-office"}],"excerpts":"network and aggregated in databases searchable by identifying characteristics, including, but not limited to, name, user ID, email address, or IP address. Records may be retrieved as part of routine network and information system security <span class=\"match\">monitoring</span>, <span class=\"match\">cybersecurity</span> incident response, database activity <span class=\"match\">monitoring</span>, or in support of other administrative or security investigations in accordance with appropriate laws, rules, and policies. \n POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: \n Records of verification, authorization, access, and"},{"title":"Department of Defense (DoD) Defense Industrial Base (DIB) Cybersecurity (CS) Activities","type":"Rule","abstract":"The DoD is finalizing revisions to the eligibility criteria for the voluntary Defense Industrial Base (DIB) Cybersecurity (CS) Program. These revisions will allow all defense contractors who own or operate an unclassified information system that processes, stores, or transmits covered defense information to benefit from bilateral information sharing. DoD is also finalizing changes to definitions and some technical corrections for readability.","document_number":"2024-04752","html_url":"https://www.federalregister.gov/documents/2024/03/12/2024-04752/department-of-defense-dod-defense-industrial-base-dib-cybersecurity-cs-activities","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-03-12/pdf/2024-04752.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-04752.pdf?1710161113","publication_date":"2024-03-12","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"DIB <span class=\"match\">Cybersecurity</span> Activities that implement the requirements levied upon the Department in 10 U.S.C. 391 and 393. To meet the requirements specified in 10 U.S.C. 391, the DIB CS program will refer ineligible applicants to other U.S. Government Departments and Agencies sharing <span class=\"match\">cybersecurity</span> equities to ensure Federal unity of effort. \n A commenter posed several questions about the role of third-party <span class=\"match\">service</span> providers seeking to understand if a third-party <span class=\"match\">service</span> provider may submit reports on behalf of a client, and if a third-party <span class=\"match\">service</span> provider"},{"title":"Equipment, Systems, and Network Information Security Protection","type":"Proposed Rule","abstract":"This proposed rulemaking would impose new design standards to address cybersecurity threats for transport category airplanes, engines, and propellers. The intended effect of this proposed action is to standardize the FAA's criteria for addressing cybersecurity threats, reducing certification costs and time while maintaining the same level of safety provided by current special conditions.","document_number":"2024-17916","html_url":"https://www.federalregister.gov/documents/2024/08/21/2024-17916/equipment-systems-and-network-information-security-protection","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-08-21/pdf/2024-17916.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-17916.pdf?1724157915","publication_date":"2024-08-21","agencies":[{"raw_name":"DEPARTMENT OF TRANSPORTATION","name":"Transportation Department","id":492,"url":"https://www.federalregister.gov/agencies/transportation-department","json_url":"https://www.federalregister.gov/api/v1/agencies/492","parent_id":null,"slug":"transportation-department"},{"raw_name":"Federal Aviation Administration","name":"Federal Aviation Administration","id":159,"url":"https://www.federalregister.gov/agencies/federal-aviation-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/159","parent_id":492,"slug":"federal-aviation-administration"}],"excerpts":"other civil aviation authorities are using to address <span class=\"match\">cybersecurity</span> vulnerability, while maintaining the level of safety provided by current Aircraft System Information Security/Protection (ASISP) special conditions.\n \n B. Background \n The current trend in airplane design includes an increasing level of integration of airplane, engine, and propeller systems with increased connectivity to internal or external data networks and <span class=\"match\">services</span>. Regulators and industry must constantly <span class=\"match\">monitor</span> the <span class=\"match\">cybersecurity</span> threat environment in order to identify and mitigate"}]}