{"description":"Documents matching 'Cybersecurity Monitoring Internet Software & Services'","count":478,"total_pages":24,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=Cybersecurity+Monitoring+Internet+Software+%26+Services&format=json&page=2","results":[{"title":"Cybersecurity Labeling for Internet of Things","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) establishes a voluntary cybersecurity labeling program for wireless consumer Internet of Things, or IoT, products. The program will provide consumers with an easy-to-understand and quickly recognizable FCC IoT Label that includes the U.S. Cyber Trust Mark and a QR code linked to a dynamic, decentralized, publicly available registry of more detailed cybersecurity information. This program will help consumers make safer purchasing decisions, raise consumer confidence regarding the cybersecurity of the IoT products they buy, and encourage manufacturers to develop IoT products with security-by- design principles in mind.","document_number":"2024-14148","html_url":"https://www.federalregister.gov/documents/2024/07/30/2024-14148/cybersecurity-labeling-for-internet-of-things","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-30/pdf/2024-14148.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-14148.pdf?1722257113","publication_date":"2024-07-30","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"(5) \n <span class=\"match\">Software</span> Update: \n The <span class=\"match\">software</span> of all IoT product components can be updated by authorized individuals, <span class=\"match\">services</span>, and other IoT product components only by using a secure and configurable mechanism, as appropriate for each IoT product component.\n \n \n i. \n <span class=\"match\">Cybersecurity</span> Utility: \n <span class=\"match\">Software</span> may have vulnerabilities discovered after the IoT product has been deployed; <span class=\"match\">software</span> update capabilities can help ensure secure delivery of security patches.\n \n \n (6) \n <span class=\"match\">Cybersecurity</span> State Awareness: \n The IoT product supports detection of <span class=\"match\">cybersecurity</span> incidents"},{"title":"Cybersecurity in the Marine Transportation System","type":"Rule","abstract":"The Coast Guard is updating its maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These include requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system. The Coast Guard is also seeking comments on a potential delay for the implementation periods for U.S.-flagged vessels.","document_number":"2025-00708","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-00708/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-00708.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00708.pdf?1736802922","publication_date":"2025-01-17","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"by establishing minimum <span class=\"match\">cybersecurity</span> requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging <span class=\"match\">cybersecurity</span> threats in the marine transportation system by adding minimum <span class=\"match\">cybersecurity</span> requirements to help detect risks and respond to and recover from <span class=\"match\">cybersecurity</span> incidents. These include requirements to develop and maintain a <span class=\"match\">Cybersecurity</span> Plan, designate a <span class=\"match\">Cybersecurity</span> Officer, and take various"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"Through Strengthening <span class=\"match\">Cybersecurity</span>,” \n supra \n note 306.\n \n \n \n \n 313 \n  \n See, e.g., \n “Free <span class=\"match\">Cybersecurity</span> <span class=\"match\">Services</span> and Tools,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure Security Agency, U.S. Department of Homeland Security, \n https://www.cisa.gov/resources-tools/resources/free-<span class=\"match\">cybersecurity</span>-<span class=\"match\">services</span>-and-tools; \n “Cyber Hygiene <span class=\"match\">Services</span>,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure Security Agency, U.S. Department of Homeland Security, \n https://www.cisa.gov/cyber-hygiene-<span class=\"match\">services</span>; \n “<span class=\"match\">Cybersecurity</span> Resources for High-Risk Communities,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure"},{"title":"Schools and Libraries Cybersecurity Pilot Program","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) stablishes the Schools and Libraries Cybersecurity Pilot Program (Pilot or Pilot Program). The Pilot Program will enable the Commission to evaluate the impact that using Universal Service Fund (USF or Fund) support for eligible cybersecurity services and equipment will have on protecting school and library broadband networks and data. In so doing, the Commission seeks to address the apparent needs of schools and libraries for additional support for cybersecurity services and equipment, while evaluating the impact that providing that support would have on the USF.","document_number":"2024-15866","html_url":"https://www.federalregister.gov/documents/2024/07/30/2024-15866/schools-and-libraries-cybersecurity-pilot-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-30/pdf/2024-15866.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-15866.pdf?1722257112","publication_date":"2024-07-30","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"education. The Pilot Program will evaluate whether supporting <span class=\"match\">cybersecurity</span> <span class=\"match\">services</span> and equipment with universal <span class=\"match\">service</span> funds advances the key universal <span class=\"match\">service</span> principles of providing quality <span class=\"match\">internet</span> and broadband <span class=\"match\">services</span> to K-12 schools and libraries at just, reasonable, and affordable rates; and ensuring schools' and libraries' access to advanced telecommunications. Importantly, the Pilot Program will also enable the Commission to better estimate the costs of supporting <span class=\"match\">cybersecurity</span> <span class=\"match\">services</span> and equipment via the USF, which will help inform future"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-015-1-Cyber Security-Internal Network Security Monitoring","type":"Rule","abstract":"The Federal Energy Regulatory Commission (Commission) approves proposed Reliability Standard CIP-015-1 (Cyber Security--Internal Network Security Monitoring), which the North American Electric Reliability Corporation (NERC), submitted in response to a Commission directive. In addition, the Commission directs NERC to develop certain modifications to proposed Reliability Standard CIP-015-1 to extend internal network security monitoring to include electronic access control or monitoring systems and physical access control systems outside of the electronic security perimeter. The Commission also provides greater clarity about the term CIP-networked environment as it is used in proposed Reliability Standard CIP-015-1.","document_number":"2025-12309","html_url":"https://www.federalregister.gov/documents/2025/07/02/2025-12309/critical-infrastructure-protection-reliability-standard-cip-015-1-cyber-security-internal-network","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-02/pdf/2025-12309.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12309.pdf?1751373912","publication_date":"2025-07-02","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"NIST SP 800-82r3 at 74 (recommending the analyzing of information to differentiate between known and unknown communication as a necessary first step in implementing network security <span class=\"match\">monitoring</span>). The term INSM is used by the Commission in Order No. 887, but the <span class=\"match\">cybersecurity</span> industry uses the term “network security <span class=\"match\">monitoring</span>.”\n \n \n \n \n 92 \n  \n See \n CISA <span class=\"match\">Cybersecurity</span> Advisory at 2-6 (describing how a CISA Red Team gained access to workstations and servers from an identity and access management system serving as an electronic access control system"},{"title":"Cybersecurity Maturity Model Certification (CMMC) Program","type":"Rule","abstract":"With this final rule, DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance. This rule will be updated as needed, using the appropriate rulemaking process, to address evolving cybersecurity standards, requirements, threats, and other relevant changes.","document_number":"2024-22905","html_url":"https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22905.pdf?1728650732","publication_date":"2024-10-15","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"the Nation's <span class=\"match\">Cybersecurity</span>” (issued May 12, 2021) requires agencies to enhance <span class=\"match\">cybersecurity</span> and <span class=\"match\">software</span> supply chain integrity. NIST SP 800-171 R2 and NIST SP 800-218 are guidelines, not regulations. NIST SP 800-171 Revision 3 is not currently applicable to this rule. \n Recommendations to add or modify requirements specified in NIST documentation should be submitted in response to NIST requests for public comment on the applicable guidelines. Federal and DoD requirements for delivery of <span class=\"match\">software</span> bills of material of secure <span class=\"match\">software</span> development"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, and the Office of Management and Budget (OMB) Circular No. A-108, notice is given that the Office of Personnel Management (OPM) proposes to establish a new system of records titled, \"OPM/Internal-3, Information Technology, Information System, and Network Activity and Access Records.\" This new system is established to reflect changes in technology, including the increased ability of OPM to link individuals to information technology, information system, or network activity, and to better describe OPM's records linking individuals to reported cybersecurity incidents or their access to certain OPM information technologies, information systems, and networks through the internet or other authorized connections.","document_number":"2025-19092","html_url":"https://www.federalregister.gov/documents/2025/10/01/2025-19092/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-10-01/pdf/2025-19092.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-19092.pdf?1759236309","publication_date":"2025-10-01","agencies":[{"raw_name":"OFFICE OF PERSONNEL MANAGEMENT","name":"Personnel Management Office","id":406,"url":"https://www.federalregister.gov/agencies/personnel-management-office","json_url":"https://www.federalregister.gov/api/v1/agencies/406","parent_id":null,"slug":"personnel-management-office"}],"excerpts":"of electronic mail, instant messaging, other chat <span class=\"match\">services</span>, electronic call detail \n \n information (including name, originating/receiving numbers, duration, and date/time of call), and electronic voicemail.\n \n d. Records of <span class=\"match\">internet</span> access from any information technology connected to an OPM information system, on an OPM network, or through authorized connections to OPM networks and OPM information systems, including the IP address of the information technology being used to initiate the <span class=\"match\">internet</span> connection and the information accessed. \n e. Audit"},{"title":"Strengthening and Promoting Innovation in the Nation's Cybersecurity","type":"Presidential Document","abstract":null,"document_number":"2025-01470","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting-innovation-in-the-nations-cybersecurity","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-01470.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-01470.pdf?1737054015","publication_date":"2025-01-17","agencies":[{"raw_name":"EXECUTIVE OFFICE OF THE PRESIDENT","name":"Executive Office of the President","id":538,"url":"https://www.federalregister.gov/agencies/executive-office-of-the-president","json_url":"https://www.federalregister.gov/api/v1/agencies/538","parent_id":null,"slug":"executive-office-of-the-president"}],"excerpts":"rely on <span class=\"match\">software</span> providers. Yet insecure <span class=\"match\">software</span> remains a challenge for both providers and users and makes Federal Government and critical infrastructure systems vulnerable to malicious cyber incidents. The Federal Government must continue to adopt secure <span class=\"match\">software</span> acquisition practices and take steps so that <span class=\"match\">software</span> providers use secure <span class=\"match\">software</span> development practices to reduce the number and severity of vulnerabilities in <span class=\"match\">software</span> they produce.\n \n \n (b) Executive Order 14028 directed actions to improve the security and integrity of <span class=\"match\">software</span> critical"},{"title":"Cybersecurity Labeling for Internet of Things","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) proposes measures to improve consumer confidence and understanding of the security of their connected devices--commonly known as Internet of Things (IoT) devices--that are woven into the fabric of their everyday lives. To provide consumers with the peace of mind that the technology being brought into their homes is reasonably secure, and to help guard against risks to communications, the Commission proposes a voluntary cybersecurity labeling program that would provide easily understood, accessible information to consumers on the relative security of an IoT device or product, and assure consumers that manufacturers of devices bearing the Commission's IoT cybersecurity label adhere to widely accepted cybersecurity standards. In this regard, the Commission's cybersecurity labeling program would help consumers compare IoT devices and make informed purchasing decisions, drive consumers toward purchasing devices with greater security, incentivize manufacturers to meet higher cybersecurity standards to meet market demand, and encourage retailers to market secure devices. The proposed IoT label would offer a trusted, government-backed symbol for devices that comply with IoT cybersecurity standards.","document_number":"2023-18357","html_url":"https://www.federalregister.gov/documents/2023/08/25/2023-18357/cybersecurity-labeling-for-internet-of-things","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-08-25/pdf/2023-18357.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-18357.pdf?1692881134","publication_date":"2023-08-25","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"apply verified <span class=\"match\">software</span> updates. \n \n • The IoT product implements measures to keep <span class=\"match\">software</span> on IoT product components up to date (\n i.e., \n automatic application of updates or consistent customer notification of available updates via the IoT product).\n \n \n <span class=\"match\">Cybersecurity</span> utility: \n <span class=\"match\">Software</span> may have vulnerabilities discovered after the IoT product has been deployed; <span class=\"match\">software</span> update capabilities can ensure secure delivery of security patches.\n \n \n <span class=\"match\">Cybersecurity</span> State Awareness: \n The IoT product supports detection of <span class=\"match\">cybersecurity</span> incidents affecting"},{"title":"Facilitating Implementation of Next Generation 911 Services (NG911); Improving 911 Reliability","type":"Rule","abstract":"In this document, the Federal Communications Commission (the FCC or Commission) adopts rules to ensure that emerging Next Generation 911 (NG911) networks are reliable and interoperable. NG911 is replacing legacy 911 technology across the country with internet Protocol (IP)- based infrastructure that will support new 911 capabilities, including text, video, and data. However, for NG911 to be fully effective, NG911 networks must be designed to safeguard the reliability of critical components and support the interoperability needed to seamlessly transfer 911 calls and data from one network to another. The rules require entities essential to delivering emergency calls in the NG911 environment to implement common sense measures to safeguard the reliability of NG911 networks and reduce the risk of 911 outages, and require certain entities to report on their support for NG911 interoperability. The rules also eliminate unnecessary and burdensome legacy rules to increase flexibility and encourage technical innovation to make NG911 services reliable, interoperable, and accessible to all.","document_number":"2026-13998","html_url":"https://www.federalregister.gov/documents/2026/07/10/2026-13998/facilitating-implementation-of-next-generation-911-services-ng911-improving-911-reliability","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-07-10/pdf/2026-13998.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-13998.pdf?1783601118","publication_date":"2026-07-10","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"which we designate as CSPs, and general <span class=\"match\">internet</span> transit providers, which we do not designate as CSPs.\n 190 \n \n Major IP transport providers are those network operators that meet the OC48/2.5 Gbps threshold and offer dedicated SIP <span class=\"match\">service</span> that includes voice and/or text to two or more OSPs for 911 traffic. General <span class=\"match\">internet</span> transit includes public <span class=\"match\">internet</span>, VPN, or cloud-based <span class=\"match\">service</span> products and their underlying transport networks that provide IP connectivity but do not offer dedicated voice or text <span class=\"match\">service</span>.\n 191 \n \n For the reasons NENA explains"},{"title":"Reporting on Border Gateway Protocol Risk Mitigation Progress; Secure Internet Routing","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) seeks to increase the security of the information routed across the internet by proposing certain reporting obligations on providers of broadband internet access service (BIAS providers) and their use of the Border Gateway Protocol (BGP). Internet traffic can be disrupted, intercepted, and blackholed--when a service provider drops traffic addressed to a targeted IP address or range of addresses by redirecting it to a null route--due to either accidental or deliberate adversarial manipulation of security vulnerabilities inherent to BGP. Together, the intended effect of the plans, filings, and measures the Commission proposes would be to mitigate such threats. BIAS providers would be required to develop BGP Routing Security Risk Management Plans that describe their plans for and progress in implementing security measures that utilize the Resource Public Key Infrastructure (RPKI). Nine of the largest service providers would be required to file specific additional data on a quarterly basis. The FCC also seeks comment on issues related to implementing RPKI-based security measures.","document_number":"2024-13048","html_url":"https://www.federalregister.gov/documents/2024/06/17/2024-13048/reporting-on-border-gateway-protocol-risk-mitigation-progress-secure-internet-routing","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-06-17/pdf/2024-13048.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-13048.pdf?1718369113","publication_date":"2024-06-17","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":" \n SUMMARY: \n In this document, the Federal Communications Commission (Commission) seeks to increase the security of the information routed across the <span class=\"match\">internet</span> by proposing certain reporting obligations on providers of broadband <span class=\"match\">internet</span> access <span class=\"match\">service</span> (BIAS providers) and their use of the Border Gateway Protocol (BGP). <span class=\"match\">Internet</span> traffic can be disrupted, intercepted, and blackholed—when a <span class=\"match\">service</span> provider drops traffic addressed to a targeted IP address or range of addresses by redirecting it to a null route—due to either accidental or deliberate"},{"title":"Cybersecurity in the Marine Transportation System","type":"Proposed Rule","abstract":"The Coast Guard proposes to update its maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002 regulations. This proposed rule would help to address current and emerging cybersecurity threats in the marine transportation system. We seek your comments on this proposed rule and whether we should: use and define the term reportable cyber incident to limit cyber incidents that trigger reporting requirements, use alternative methods of reporting such incidents, and amend the definition of hazardous condition.","document_number":"2024-03075","html_url":"https://www.federalregister.gov/documents/2024/02/22/2024-03075/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-02-22/pdf/2024-03075.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-03075.pdf?1708523113","publication_date":"2024-02-22","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"Maintenance); \n (7) <span class=\"match\">Cybersecurity</span> measures for access control, including computer, IT, and OT areas (see proposed § 101.650(a) <span class=\"match\">Cybersecurity</span> Measures: Account Measures); \n (8) Physical security controls for IT and OT systems (see proposed § 101.650(i) <span class=\"match\">Cybersecurity</span> Measures: Physical Security); \n (9) <span class=\"match\">Cybersecurity</span> measures for <span class=\"match\">monitoring</span> (see proposed § 101.650(f) <span class=\"match\">Cybersecurity</span> Measures: Supply Chain; (h) Network Segmentation; (i) Physical Security); \n (10) Audits and amendments to the <span class=\"match\">Cybersecurity</span> Plan (see proposed § 101.630(f) <span class=\"match\">Cybersecurity</span> Plan: Audits);"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-015-1-Cyber Security-Internal Network Security Monitoring","type":"Proposed Rule","abstract":"The Federal Energy Regulatory Commission (Commission) proposes to approve proposed Reliability Standard CIP-015-1 (Cyber Security-- Internal Network Security Monitoring), which the North American Electric Reliability Corporation (NERC), submitted in response to a Commission directive. In addition, the Commission proposes to direct that NERC develop certain modifications to proposed Reliability Standard CIP-015-1 to extend internal network security monitoring to include electronic access control or monitoring systems and physical access control systems outside of the electronic security perimeter.","document_number":"2024-22231","html_url":"https://www.federalregister.gov/documents/2024/09/27/2024-22231/critical-infrastructure-protection-reliability-standard-cip-015-1-cyber-security-internal-network","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-27/pdf/2024-22231.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22231.pdf?1727354733","publication_date":"2024-09-27","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"Internal Network Security <span class=\"match\">Monitoring</span> (INSM) \n 4 \n \n to include electronic access control or <span class=\"match\">monitoring</span> systems (EACMS) \n 5 \n \n and physical access control systems (PACS) \n 6 \n \n outside of the electronic security perimeter.\n \n \n \n 1 \n  16 U.S.C. 824o(d)(2).\n \n \n \n \n 2 \n  \n Internal Network Sec. <span class=\"match\">Monitoring</span> for High &amp; Medium Impact Bulk Elec. Sys. Cyber Sys., \n Order No. 887, 88 FR 8354 (Feb. 9, 2023), 182 FERC ¶ 61,021 (2023).\n \n \n \n \n 3 \n  16 U.S.C. 824o(d)(5).\n \n \n \n \n 4 \n  INSM is “a subset of network security <span class=\"match\">monitoring</span> that is applied within"},{"title":"Safeguarding and Securing the Open Internet; Restoring Internet Freedom","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) adopts a Declaratory Ruling, Report and Order, Order, and Order on Reconsideration that reestablishes the Commission's authority over broadband internet access service (BIAS). The Declaratory Ruling classifies broadband internet access service as a telecommunications service under Title II of the Communications Act, providing the Commission with additional authority to safeguard national security, advance public safety, protect consumers, and facilitate broadband deployment. The Order establishes broad, tailored forbearance of the Commission's application of Title II to broadband providers while maintaining Title II provisions the Commission needs to fulfill its obligations and objectives. The Report and Order reinstates straightforward, clear rules that prohibit blocking, throttling, or engaging in paid or affiliated prioritization arrangements, adopts certain enhancements to the transparency rule, and reinstates a general conduct standard that prohibits unreasonable interference or unreasonable disadvantage to consumers or edge providers. The Order on Reconsideration partially grants and otherwise dismisses as moot four petitions for reconsideration filed in response to the 2020 Restoring Internet Freedom Remand Order.","document_number":"2024-10674","html_url":"https://www.federalregister.gov/documents/2024/05/22/2024-10674/safeguarding-and-securing-the-open-internet-restoring-internet-freedom","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-05-22/pdf/2024-10674.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-10674.pdf?1716295515","publication_date":"2024-05-22","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"Classification of Broadband <span class=\"match\">Internet</span> Access <span class=\"match\">Services</span> \n 1. We reinstate the telecommunications <span class=\"match\">service</span> classification of BIAS under Title II of the Act. Reclassification will enhance the Commission's ability to ensure <span class=\"match\">internet</span> openness, defend national security, promote <span class=\"match\">cybersecurity</span>, safeguard public safety, <span class=\"match\">monitor</span> network resiliency and reliability, protect consumer privacy and data security, support consumer access to BIAS, and improve disability access. We find that classification of BIAS as a telecommunications <span class=\"match\">service</span> represents the best reading"},{"title":"Privacy Act of 1974; Systems of Records","type":"Notice","abstract":"Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108, notice is hereby given that the Justice Management Division (JMD), a component within the United States Department of Justice (DOJ or Department), proposes to modify the system of records titled Security Monitoring and Analytics Service Records, JUSTICE/JMD-026, updating the capabilities and offerings included in it.","document_number":"2025-09447","html_url":"https://www.federalregister.gov/documents/2025/06/02/2025-09447/privacy-act-of-1974-systems-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-06-02/pdf/2025-09447.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-09447.pdf?1748609107","publication_date":"2025-06-02","agencies":[{"raw_name":"DEPARTMENT OF JUSTICE","name":"Justice Department","id":268,"url":"https://www.federalregister.gov/agencies/justice-department","json_url":"https://www.federalregister.gov/api/v1/agencies/268","parent_id":null,"slug":"justice-department"}],"excerpts":"Office of the Chief Information Officer (OCIO), <span class=\"match\">Cybersecurity</span> <span class=\"match\">Services</span> Staff (CSS), developed the Security <span class=\"match\">Monitoring</span> and Analytics <span class=\"match\">Service</span> (SMAS) to provide DOJ-managed information technology (IT) <span class=\"match\">service</span> offerings to other federal agencies wishing to leverage DOJ's <span class=\"match\">cybersecurity</span> <span class=\"match\">services</span>, referred to as “external federal agency subscribers.” 28 U.S.C. 527 establishes a working capital fund for the Department of Justice, which enables the Department to recover operational expenses for certain <span class=\"match\">services</span> delivered to other federal agencies. SMAS has"},{"title":"Schools and Libraries Cybersecurity Pilot Program","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) proposes a three-year pilot program within the Universal Service Fund (USF or Fund) to provide up to $200 million available to support cybersecurity and advanced firewall services for eligible schools and libraries.","document_number":"2023-27811","html_url":"https://www.federalregister.gov/documents/2023/12/29/2023-27811/schools-and-libraries-cybersecurity-pilot-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-12-29/pdf/2023-27811.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-27811.pdf?1703771112","publication_date":"2023-12-29","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"U.S. consumers. \n II. Discussion \n \n 5. Mindful of the need to protect universal <span class=\"match\">service</span> funding and aware that basic firewall <span class=\"match\">services</span> may be insufficient alone to protect E-Rate-funded broadband networks, the Commission proposes a three-year Pilot program to ascertain whether supporting <span class=\"match\">cybersecurity</span> and advanced firewall <span class=\"match\">services</span> with universal <span class=\"match\">service</span> support could advance the key universal <span class=\"match\">service</span> principles of providing quality <span class=\"match\">internet</span> and broadband <span class=\"match\">services</span> to K-12 schools and libraries at just, reasonable, and affordable rates; and ensuring"},{"title":"Equipment, Systems, and Network Information Security Protection","type":"Proposed Rule","abstract":"This proposed rulemaking would impose new design standards to address cybersecurity threats for transport category airplanes, engines, and propellers. The intended effect of this proposed action is to standardize the FAA's criteria for addressing cybersecurity threats, reducing certification costs and time while maintaining the same level of safety provided by current special conditions.","document_number":"2024-17916","html_url":"https://www.federalregister.gov/documents/2024/08/21/2024-17916/equipment-systems-and-network-information-security-protection","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-08-21/pdf/2024-17916.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-17916.pdf?1724157915","publication_date":"2024-08-21","agencies":[{"raw_name":"DEPARTMENT OF TRANSPORTATION","name":"Transportation Department","id":492,"url":"https://www.federalregister.gov/agencies/transportation-department","json_url":"https://www.federalregister.gov/api/v1/agencies/492","parent_id":null,"slug":"transportation-department"},{"raw_name":"Federal Aviation Administration","name":"Federal Aviation Administration","id":159,"url":"https://www.federalregister.gov/agencies/federal-aviation-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/159","parent_id":492,"slug":"federal-aviation-administration"}],"excerpts":"other civil aviation authorities are using to address <span class=\"match\">cybersecurity</span> vulnerability, while maintaining the level of safety provided by current Aircraft System Information Security/Protection (ASISP) special conditions.\n \n B. Background \n The current trend in airplane design includes an increasing level of integration of airplane, engine, and propeller systems with increased connectivity to internal or external data networks and <span class=\"match\">services</span>. Regulators and industry must constantly <span class=\"match\">monitor</span> the <span class=\"match\">cybersecurity</span> threat environment in order to identify and mitigate"},{"title":"Facilitating Implementation of Next Generation 911 Services (NG911); Improving 911 Reliability","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (the FCC or Commission) proposes rules that would help ensure that emerging Next Generation 911 (NG911) networks are reliable and interoperable. NG911 is replacing legacy 911 technology across the country with Internet Protocol (IP)-based infrastructure that will support new 911 capabilities, including text, video, and data. However, for NG911 to be fully effective, NG911 networks must safeguard the reliability of critical components and support the interoperability needed to seamlessly transfer 911 calls and data from one network to another. When the Commission first adopted 911 reliability rules in 2013, the transition to NG911 was in its very early stages. Since then, many state and local 911 Authorities have made significant progress in deploying NG911 capabilities in their jurisdictions. This Further Notice of Proposed Rulemaking (FNPRM) is the next step in fulfilling the Commission's commitment to facilitate the NG911 transition and to ensure that the transition does not inadvertently create vulnerabilities in the nation's critical public safety networks. The FNPRM proposes to update the definition of \"covered 911 service provider\" in the Commission's existing 911 reliability rules to ensure that the rules apply to service providers that control or operate critical pathways and components in NG911 networks. It also proposes to update the reliability standards for providers of critical NG911 functions to ensure the reliable delivery of 911 traffic to NG911 delivery points, and proposes to establish NG911 interoperability requirements for interstate transfer of 911 traffic between Emergency Services IP Networks (ESInets). In addition, the FNPRM proposes to modify the certification and oversight mechanisms in the current 911 reliability rules to improve reliability and interoperability in NG911 systems while minimizing burdens on service providers, and proposes to empower state and local 911 Authorities to obtain reliability and interoperability certifications directly from covered 911 service providers.","document_number":"2025-09279","html_url":"https://www.federalregister.gov/documents/2025/06/04/2025-09279/facilitating-implementation-of-next-generation-911-services-ng911-improving-911-reliability","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-06-04/pdf/2025-09279.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-09279.pdf?1748954707","publication_date":"2025-06-04","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"identify within their networks <span class=\"match\">service</span>-impacting events that impair or cause a total loss of <span class=\"match\">service</span>.”).\n \n \n \n \n 28 \n  \n Id. \n at 70.\n \n \n \n \n 29 \n  \n Id. \n (recommending (1) “<span class=\"match\">Service</span> Providers consider incorporating network detection tools, as appropriate, to assist network operations in detecting or deterring threats to 9-1-1 before they reach the ESInet perimeter” and (2) “<span class=\"match\">Service</span> Providers and other stakeholders work together to ensure that the system <span class=\"match\">monitoring</span> information that is needed to mitigate risks, <span class=\"match\">monitor</span> elements of the NG9-1-1 infrastructure"},{"title":"Review of Submarine Cable Landing License Rules and Procedures To Assess Evolving National Security, Law Enforcement, Foreign Policy, and Trade Policy Risks","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) adopted a Report and Order that updates the Commission's submarine cable licensing process and adopts rule changes to protect critical U.S. communications infrastructure against foreign adversary threats, specifically those posed by an entity that is owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary. The Report and Order adopts a requirement for certain licensees to file an annual report about the licensee, submarine cable system ownership, and submarine cable operations. The Report and Order adopts a one-time information collection for licensees to identify, among other things, how many entities currently own or operate submarine line terminal equipment (SLTEs) on existing licensed cable systems. The Report and Order also requires applicants and licensees to certify that they have created, updated, and implemented a cybersecurity and physical security risk management plan and requires applicants to certify that the submarine cable system will not use equipment or services identified on the Commission's Covered List. With respect to the circuit capacity data collection, the Report and Order adopts streamlined rules and eliminates the requirement for licensees to file a cable operator report about the capacity on a cable and clarify the types of capacity that need to be reported on an annual basis.","document_number":"2025-19658","html_url":"https://www.federalregister.gov/documents/2025/10/27/2025-19658/review-of-submarine-cable-landing-license-rules-and-procedures-to-assess-evolving-national-security","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-10-27/pdf/2025-19658.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-19658.pdf?1761309905","publication_date":"2025-10-27","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"implemented a <span class=\"match\">cybersecurity</span> and physical security risk management plan and will take reasonable measures to protect their systems and <span class=\"match\">services</span> from <span class=\"match\">cybersecurity</span> and physical security risks that could affect their provision of communications <span class=\"match\">services</span> through the submarine cable system. We also require existing licensees to implement a <span class=\"match\">cybersecurity</span> and physical security risk management plan within one year of the effective date of the new rules to also protect against these threats that could affect the provision of communications <span class=\"match\">services</span> through the"},{"title":"Securing the Information and Communications Technology and Services Supply Chain: Unmanned Aircraft Systems","type":"Proposed Rule","abstract":"In this advance notice of proposed rulemaking (ANPRM), the Department of Commerce's Bureau of Industry and Security (BIS) seeks public comment on issues related to transactions involving information and communications technology and services (ICTS) that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries, pursuant to Executive Order (E.O.) 13873, \"Securing the Information and Communications Technology and Services Supply Chain,\" and that are integral to unmanned aircraft systems (UAS). This ANPRM will assist BIS in determining the technologies and market participants that may be appropriate for regulation in order to address undue or unacceptable risks to U.S. national security, including U.S. ICTS supply chains and critical infrastructure, or/and to the security and safety of U.S. persons.","document_number":"2024-30209","html_url":"https://www.federalregister.gov/documents/2025/01/03/2024-30209/securing-the-information-and-communications-technology-and-services-supply-chain-unmanned-aircraft","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-03/pdf/2024-30209.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30209.pdf?1735825508","publication_date":"2025-01-03","agencies":[{"raw_name":"DEPARTMENT OF COMMERCE","name":"Commerce Department","id":54,"url":"https://www.federalregister.gov/agencies/commerce-department","json_url":"https://www.federalregister.gov/api/v1/agencies/54","parent_id":null,"slug":"commerce-department"},{"raw_name":"Bureau of Industry and Security","name":"Industry and Security Bureau","id":241,"url":"https://www.federalregister.gov/agencies/industry-and-security-bureau","json_url":"https://www.federalregister.gov/api/v1/agencies/241","parent_id":54,"slug":"industry-and-security-bureau"}],"excerpts":"controllers; (5) operating <span class=\"match\">software</span> including, but not limited to, network management <span class=\"match\">software</span>; (6) mission planning <span class=\"match\">software</span>; (7) intelligent battery power systems; (8) local and external data storage devices and <span class=\"match\">services</span>; and (9) artificial intelligence (AI) <span class=\"match\">software</span> or applications. BIS also solicits input on mechanisms to mitigate the risks posed by foreign adversary ICTS integral to UAS, such as potential design requirements, machine learning controls, implementation standards and protocols, <span class=\"match\">cybersecurity</span> firmware and/or <span class=\"match\">software</span> inputs, manufacturing"}]}