{"description":"Documents matching 'Cybersecurity Monitoring compliance'","count":1030,"total_pages":50,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=Cybersecurity+Monitoring+compliance&format=json&page=2","results":[{"title":"Intent To Request a Revision From OMB of One Current Public Collection of Information: Cybersecurity Measures for Surface Modes","type":"Notice","abstract":"The Transportation Security Administration (TSA) invites public comment on one currently-approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0074, abstracted below, that we will submit to OMB for a revision in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection concerns data concerning the designation of a Cybersecurity Coordinator; the reporting of cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency; the development of a cybersecurity contingency/recovery plan to address cybersecurity gaps; and the completion of a cybersecurity assessment.","document_number":"2026-07364","html_url":"https://www.federalregister.gov/documents/2026/04/16/2026-07364/intent-to-request-a-revision-from-omb-of-one-current-public-collection-of-information-cybersecurity","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-16/pdf/2026-07364.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-07364.pdf?1776257113","publication_date":"2026-04-16","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Transportation Security Administration","name":"Transportation Security Administration","id":494,"url":"https://www.federalregister.gov/agencies/transportation-security-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/494","parent_id":227,"slug":"transportation-security-administration"}],"excerpts":"below, that we will submit to OMB for a revision in <span class=\"match\">compliance</span> with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection concerns data concerning the designation of a <span class=\"match\">Cybersecurity</span> Coordinator; the reporting of <span class=\"match\">cybersecurity</span> incidents to the <span class=\"match\">Cybersecurity</span> and Infrastructure Security Agency; the development of a <span class=\"match\">cybersecurity</span> contingency/recovery plan to address <span class=\"match\">cybersecurity</span> gaps; and the completion of a <span class=\"match\">cybersecurity</span> assessment. \n \n \n DATES: \n Send your comments by June"},{"title":"Cybersecurity in the Marine Transportation System","type":"Rule","abstract":"The Coast Guard is updating its maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These include requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system. The Coast Guard is also seeking comments on a potential delay for the implementation periods for U.S.-flagged vessels.","document_number":"2025-00708","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-00708/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-00708.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00708.pdf?1736802922","publication_date":"2025-01-17","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"by establishing minimum <span class=\"match\">cybersecurity</span> requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging <span class=\"match\">cybersecurity</span> threats in the marine transportation system by adding minimum <span class=\"match\">cybersecurity</span> requirements to help detect risks and respond to and recover from <span class=\"match\">cybersecurity</span> incidents. These include requirements to develop and maintain a <span class=\"match\">Cybersecurity</span> Plan, designate a <span class=\"match\">Cybersecurity</span> Officer, and take various"},{"title":"Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)","type":"Rule","abstract":"DoD is issuing a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the final Cybersecurity Maturity Model Certification program rule, titled Cybersecurity Maturity Model Certification Program. This final DFARS rule also partially implements a section of the National Defense Authorization Act for Fiscal Year 2020 that directed the Secretary of Defense to develop a consistent, comprehensive framework to enhance cybersecurity for the U.S. defense industrial base.","document_number":"2025-17359","html_url":"https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-09-10/pdf/2025-17359.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-17359.pdf?1757421911","publication_date":"2025-09-10","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Defense Acquisition Regulations System","name":"Defense Acquisition Regulations System","id":97,"url":"https://www.federalregister.gov/agencies/defense-acquisition-regulations-system","json_url":"https://www.federalregister.gov/api/v1/agencies/97","parent_id":103,"slug":"defense-acquisition-regulations-system"}],"excerpts":"Notice of <span class=\"match\">Cybersecurity</span> Maturity Model Certification Level Requirements (Nov 2025) \n \n (a) \n Definitions. \n As used in this provision, \n controlled unclassified information (CUI), current, \n \n <span class=\"match\">Cybersecurity</span> Maturity Model Certification (CMMC) status, <span class=\"match\">Cybersecurity</span> Maturity Model Certification unique identifier (CMMC UID), \n \n Federal contract information (FCI), \n and \n Plan of action and milestones \n have the meaning given in the Defense Federal Acquisition Regulation Supplement 252.204-7021, Contractor <span class=\"match\">Compliance</span> With the <span class=\"match\">Cybersecurity</span> Maturity"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"Through Strengthening <span class=\"match\">Cybersecurity</span>,” \n supra \n note 306.\n \n \n \n \n 313 \n  \n See, e.g., \n “Free <span class=\"match\">Cybersecurity</span> Services and Tools,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure Security Agency, U.S. Department of Homeland Security, \n https://www.cisa.gov/resources-tools/resources/free-<span class=\"match\">cybersecurity</span>-services-and-tools; \n “Cyber Hygiene Services,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure Security Agency, U.S. Department of Homeland Security, \n https://www.cisa.gov/cyber-hygiene-services; \n “<span class=\"match\">Cybersecurity</span> Resources for High-Risk Communities,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure"},{"title":"Schools and Libraries Cybersecurity Pilot Program","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) stablishes the Schools and Libraries Cybersecurity Pilot Program (Pilot or Pilot Program). The Pilot Program will enable the Commission to evaluate the impact that using Universal Service Fund (USF or Fund) support for eligible cybersecurity services and equipment will have on protecting school and library broadband networks and data. In so doing, the Commission seeks to address the apparent needs of schools and libraries for additional support for cybersecurity services and equipment, while evaluating the impact that providing that support would have on the USF.","document_number":"2024-15866","html_url":"https://www.federalregister.gov/documents/2024/07/30/2024-15866/schools-and-libraries-cybersecurity-pilot-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-30/pdf/2024-15866.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-15866.pdf?1722257112","publication_date":"2024-07-30","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"for the proposed project, and the <span class=\"match\">cybersecurity</span> risks the proposed Pilot project will prevent or address. \n • The <span class=\"match\">cybersecurity</span> equipment and services the applicant plans to request as part of its proposed project, the ability of the project to be self-sustaining once established, and whether the applicant has a <span class=\"match\">cybersecurity</span> officer or other senior-level staff member designated to be the <span class=\"match\">cybersecurity</span> officer for its Pilot project. \n \n • Whether the applicant has previous experience implementing <span class=\"match\">cybersecurity</span> protections or measures (answered on"},{"title":"Cybersecurity Maturity Model Certification (CMMC) Program","type":"Rule","abstract":"With this final rule, DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance. This rule will be updated as needed, using the appropriate rulemaking process, to address evolving cybersecurity standards, requirements, threats, and other relevant changes.","document_number":"2024-22905","html_url":"https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22905.pdf?1728650732","publication_date":"2024-10-15","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"The rule was modified to clarify that reassessments may be required based on post-assessment indicators of <span class=\"match\">cybersecurity</span> issues or non-<span class=\"match\">compliance</span> and are different from new assessments that occur when an assessment validity period expires. Reassessment is expected to be infrequent, conducted by the DoD, and necessary when <span class=\"match\">cybersecurity</span> risks, threats, or awareness have changed, or indicators of <span class=\"match\">cybersecurity</span> deficiencies and/or non-<span class=\"match\">compliance</span> are present. When required, DCMA DIBCAC will initiate the re-assessment process using established procedures"},{"title":"Cybersecurity Labeling for Internet of Things","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) establishes a voluntary cybersecurity labeling program for wireless consumer Internet of Things, or IoT, products. The program will provide consumers with an easy-to-understand and quickly recognizable FCC IoT Label that includes the U.S. Cyber Trust Mark and a QR code linked to a dynamic, decentralized, publicly available registry of more detailed cybersecurity information. This program will help consumers make safer purchasing decisions, raise consumer confidence regarding the cybersecurity of the IoT products they buy, and encourage manufacturers to develop IoT products with security-by- design principles in mind.","document_number":"2024-14148","html_url":"https://www.federalregister.gov/documents/2024/07/30/2024-14148/cybersecurity-labeling-for-internet-of-things","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-30/pdf/2024-14148.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-14148.pdf?1722257113","publication_date":"2024-07-30","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"products. <span class=\"match\">Compliance</span> with all requirements associated with ISO/IEC 17025. If we determine that other ISO standards or other relevant requirements are missing, the Commission will provide guidance to industry on how they may be addressed.\n \n \n 2. Knowledge of FCC rules and procedures associated with IoT <span class=\"match\">cybersecurity</span> <span class=\"match\">compliance</span> testing and certification. \n 3. Necessary equipment, facilities, and personnel to conduct <span class=\"match\">cybersecurity</span> testing and conformity assessment of IoT devices and products. \n 4. Documented procedures for IoT <span class=\"match\">cybersecurity</span> conformity"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-015-1-Cyber Security-Internal Network Security Monitoring","type":"Rule","abstract":"The Federal Energy Regulatory Commission (Commission) approves proposed Reliability Standard CIP-015-1 (Cyber Security--Internal Network Security Monitoring), which the North American Electric Reliability Corporation (NERC), submitted in response to a Commission directive. In addition, the Commission directs NERC to develop certain modifications to proposed Reliability Standard CIP-015-1 to extend internal network security monitoring to include electronic access control or monitoring systems and physical access control systems outside of the electronic security perimeter. The Commission also provides greater clarity about the term CIP-networked environment as it is used in proposed Reliability Standard CIP-015-1.","document_number":"2025-12309","html_url":"https://www.federalregister.gov/documents/2025/07/02/2025-12309/critical-infrastructure-protection-reliability-standard-cip-015-1-cyber-security-internal-network","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-02/pdf/2025-12309.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12309.pdf?1751373912","publication_date":"2025-07-02","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"retain flexibility on how they choose to demonstrate <span class=\"match\">compliance</span>, the Reliability Standard includes <span class=\"match\">Compliance</span> Measures providing examples of the type of documentation an entity may want to develop and maintain to demonstrate <span class=\"match\">compliance</span>. The reporting burden below is based on the <span class=\"match\">Compliance</span> Measurements provided in Reliability Standard CIP-015-1. \n 64. The NERC <span class=\"match\">Compliance</span> Registry, as of April 2025, identifies approximately 1,636 unique U.S. entities that are subject to mandatory <span class=\"match\">compliance</span> with CIP Reliability Standards. Of this total, we estimate that"},{"title":"Pipeline Safety: Remote Monitoring of Hazardous Liquid Pipeline Rectifiers","type":"Proposed Rule","abstract":"This NPRM proposes to clarify that required electrical checks of rectifiers and other cathodic protection equipment may be performed remotely on hazardous liquid and carbon dioxide pipelines. This proposal is consistent with standards previously adopted for gas transmission pipelines.","document_number":"2026-08068","html_url":"https://www.federalregister.gov/documents/2026/04/24/2026-08068/pipeline-safety-remote-monitoring-of-hazardous-liquid-pipeline-rectifiers","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-24/pdf/2026-08068.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-08068.pdf?1776948322","publication_date":"2026-04-24","agencies":[{"raw_name":"DEPARTMENT OF TRANSPORTATION","name":"Transportation Department","id":492,"url":"https://www.federalregister.gov/agencies/transportation-department","json_url":"https://www.federalregister.gov/api/v1/agencies/492","parent_id":null,"slug":"transportation-department"},{"raw_name":"Pipeline and Hazardous Materials Safety Administration","name":"Pipeline and Hazardous Materials Safety Administration","id":408,"url":"https://www.federalregister.gov/agencies/pipeline-and-hazardous-materials-safety-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/408","parent_id":492,"slug":"pipeline-and-hazardous-materials-safety-administration"}],"excerpts":"comments in response to a request for information (90 FR 14593 (Apr. 3, 2025)) urging the agency to authorize explicitly the remote <span class=\"match\">monitoring</span> of rectifiers on hazardous liquid pipelines by aligning the requirements with similar revisions made to the gas transmission pipeline corrosion control <span class=\"match\">monitoring</span> requirements in 49 CFR 192.465(b).\n 2 \n \n For gas transmission pipelines, § 192.465(b) allows remote <span class=\"match\">monitoring</span> provided the device is physically inspected once each year.\n \n \n \n 1 \n  PHMSA, \n Part 195 Corrosion Enforcement Guidance, \n at 59 (June"},{"title":"Strengthening and Promoting Innovation in the Nation's Cybersecurity","type":"Presidential Document","abstract":null,"document_number":"2025-01470","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting-innovation-in-the-nations-cybersecurity","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-01470.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-01470.pdf?1737054015","publication_date":"2025-01-17","agencies":[{"raw_name":"EXECUTIVE OFFICE OF THE PRESIDENT","name":"Executive Office of the President","id":538,"url":"https://www.federalregister.gov/agencies/executive-office-of-the-president","json_url":"https://www.federalregister.gov/api/v1/agencies/538","parent_id":null,"slug":"executive-office-of-the-president"}],"excerpts":"Nation, cost billions of dollars, and undermine Americans' security and privacy. More must be done to improve the Nation's <span class=\"match\">cybersecurity</span> against these threats.\n \n Building on the foundational steps I directed in Executive Order 14028 of May 12, 2021 (Improving the Nation's <span class=\"match\">Cybersecurity</span>), and the initiatives detailed in the National <span class=\"match\">Cybersecurity</span> Strategy, I am ordering additional actions to improve our Nation's <span class=\"match\">cybersecurity</span>, focusing on defending our digital infrastructure, securing the services and capabilities most vital to the digital domain"},{"title":"Cybersecurity in the Marine Transportation System","type":"Proposed Rule","abstract":"The Coast Guard proposes to update its maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002 regulations. This proposed rule would help to address current and emerging cybersecurity threats in the marine transportation system. We seek your comments on this proposed rule and whether we should: use and define the term reportable cyber incident to limit cyber incidents that trigger reporting requirements, use alternative methods of reporting such incidents, and amend the definition of hazardous condition.","document_number":"2024-03075","html_url":"https://www.federalregister.gov/documents/2024/02/22/2024-03075/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-02-22/pdf/2024-03075.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-03075.pdf?1708523113","publication_date":"2024-02-22","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"Maintenance); \n (7) <span class=\"match\">Cybersecurity</span> measures for access control, including computer, IT, and OT areas (see proposed § 101.650(a) <span class=\"match\">Cybersecurity</span> Measures: Account Measures); \n (8) Physical security controls for IT and OT systems (see proposed § 101.650(i) <span class=\"match\">Cybersecurity</span> Measures: Physical Security); \n (9) <span class=\"match\">Cybersecurity</span> measures for <span class=\"match\">monitoring</span> (see proposed § 101.650(f) <span class=\"match\">Cybersecurity</span> Measures: Supply Chain; (h) Network Segmentation; (i) Physical Security); \n (10) Audits and amendments to the <span class=\"match\">Cybersecurity</span> Plan (see proposed § 101.630(f) <span class=\"match\">Cybersecurity</span> Plan: Audits);"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-015-1-Cyber Security-Internal Network Security Monitoring","type":"Proposed Rule","abstract":"The Federal Energy Regulatory Commission (Commission) proposes to approve proposed Reliability Standard CIP-015-1 (Cyber Security-- Internal Network Security Monitoring), which the North American Electric Reliability Corporation (NERC), submitted in response to a Commission directive. In addition, the Commission proposes to direct that NERC develop certain modifications to proposed Reliability Standard CIP-015-1 to extend internal network security monitoring to include electronic access control or monitoring systems and physical access control systems outside of the electronic security perimeter.","document_number":"2024-22231","html_url":"https://www.federalregister.gov/documents/2024/09/27/2024-22231/critical-infrastructure-protection-reliability-standard-cip-015-1-cyber-security-internal-network","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-27/pdf/2024-22231.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22231.pdf?1727354733","publication_date":"2024-09-27","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"Internal Network Security <span class=\"match\">Monitoring</span> (INSM) \n 4 \n \n to include electronic access control or <span class=\"match\">monitoring</span> systems (EACMS) \n 5 \n \n and physical access control systems (PACS) \n 6 \n \n outside of the electronic security perimeter.\n \n \n \n 1 \n  16 U.S.C. 824o(d)(2).\n \n \n \n \n 2 \n  \n Internal Network Sec. <span class=\"match\">Monitoring</span> for High &amp; Medium Impact Bulk Elec. Sys. Cyber Sys., \n Order No. 887, 88 FR 8354 (Feb. 9, 2023), 182 FERC ¶ 61,021 (2023).\n \n \n \n \n 3 \n  16 U.S.C. 824o(d)(5).\n \n \n \n \n 4 \n  INSM is “a subset of network security <span class=\"match\">monitoring</span> that is applied within"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO), and Infrastructure and Operations (IOO), is issuing a public notice of its intent to establish a Privacy Act System of Records Notice (SORN) titled \"Sumo Logic.\" Sumo Logic serves as HUD's Security Information and Event Management (SIEM) tool, supporting centralized log collection, aggregation, and security monitoring. It collects system log data from HUD applications, infrastructure, security tools, and cloud platforms, and performs event correlation, custom searches, dashboard monitoring, scheduled reporting, and other standard security monitoring. This newly established system will be included in HUD's inventory of record systems.","document_number":"2026-11613","html_url":"https://www.federalregister.gov/documents/2026/06/10/2026-11613/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-10/pdf/2026-11613.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-11613.pdf?1781009113","publication_date":"2026-06-10","agencies":[{"raw_name":"DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT","name":"Housing and Urban Development Department","id":228,"url":"https://www.federalregister.gov/agencies/housing-and-urban-development-department","json_url":"https://www.federalregister.gov/api/v1/agencies/228","parent_id":null,"slug":"housing-and-urban-development-department"}],"excerpts":"System Modernization Act of 2014 (FISMA), Public Law 113-283, 44 U.S.C. 3554; Executive Order 14028, Improving the Nation's <span class=\"match\">Cybersecurity</span> (May 12, 2021); and OMB Memorandum 21-31, Improving the Federal Government's Investigative and Remediation Capabilities Related to <span class=\"match\">Cybersecurity</span> Incidents (August 27, 2021). \n PURPOSE(S) OF THE SYSTEM: \n Sumo Logic supports HUD's <span class=\"match\">cybersecurity</span> operations by enabling centralized system <span class=\"match\">monitoring</span>, threat detection, event correlation and incident investigation. \n CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: \n The"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, and the Office of Management and Budget (OMB) Circular No. A-108, notice is given that the Office of Personnel Management (OPM) proposes to establish a new system of records titled, \"OPM/Internal-3, Information Technology, Information System, and Network Activity and Access Records.\" This new system is established to reflect changes in technology, including the increased ability of OPM to link individuals to information technology, information system, or network activity, and to better describe OPM's records linking individuals to reported cybersecurity incidents or their access to certain OPM information technologies, information systems, and networks through the internet or other authorized connections.","document_number":"2025-19092","html_url":"https://www.federalregister.gov/documents/2025/10/01/2025-19092/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-10-01/pdf/2025-19092.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-19092.pdf?1759236309","publication_date":"2025-10-01","agencies":[{"raw_name":"OFFICE OF PERSONNEL MANAGEMENT","name":"Personnel Management Office","id":406,"url":"https://www.federalregister.gov/agencies/personnel-management-office","json_url":"https://www.federalregister.gov/api/v1/agencies/406","parent_id":null,"slug":"personnel-management-office"}],"excerpts":"network and aggregated in databases searchable by identifying characteristics, including, but not limited to, name, user ID, email address, or IP address. Records may be retrieved as part of routine network and information system security <span class=\"match\">monitoring</span>, <span class=\"match\">cybersecurity</span> incident response, database activity <span class=\"match\">monitoring</span>, or in support of other administrative or security investigations in accordance with appropriate laws, rules, and policies. \n POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: \n Records of verification, authorization, access, and"},{"title":"Statement of Organization, Functions, and Delegations of Authority","type":"Notice","abstract":"The Centers for Medicare and Medicaid Services (CMS), Office of Health Technology and Products (OHTP), has been established. This new organizational component will provide enterprise leadership and oversight for CMS healthcare technology modernization, digital products, and transformation of platforms and services supporting Medicare, Medicaid, the Children's Health Insurance Program (CHIP), and other CMS-administered programs, in close coordination with the CMS Chief Information Officer (CIO) and subject to CIO-led enterprise information technology (IT) governance, cybersecurity, enterprise architecture, and capital planning and investment control responsibilities, as well as CIO-led digital service delivery, customer experience, and public digital experience responsibilities under applicable law.","document_number":"2026-11743","html_url":"https://www.federalregister.gov/documents/2026/06/11/2026-11743/statement-of-organization-functions-and-delegations-of-authority","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-11/pdf/2026-11743.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-11743.pdf?1781095520","publication_date":"2026-06-11","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"to CMS components and external stakeholders adopting interoperability solutions. \n • Promotes reuse, transparency, and collaboration through open-source technologies, shared services, and modern development practices. \n • Ensures <span class=\"match\">compliance</span> with CMS IT security, privacy, and system authorization requirements. \n • <span class=\"match\">Monitors</span> performance and adoption of interoperability solutions and provides insights to inform strategy and policy. \n • Advances API-first and standards-based architectures to support scalable and interoperable data exchange. \n Division"},{"title":"Schools and Libraries Cybersecurity Pilot Program","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) proposes a three-year pilot program within the Universal Service Fund (USF or Fund) to provide up to $200 million available to support cybersecurity and advanced firewall services for eligible schools and libraries.","document_number":"2023-27811","html_url":"https://www.federalregister.gov/documents/2023/12/29/2023-27811/schools-and-libraries-cybersecurity-pilot-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-12-29/pdf/2023-27811.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-27811.pdf?1703771112","publication_date":"2023-12-29","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"Schools and Libraries <span class=\"match\">Cybersecurity</span> Pilot Program. \n \n \n Form Numbers: \n FCC Forms 470, 471, 472, 474—<span class=\"match\">Cybersecurity</span>, 484 and 488—<span class=\"match\">Cybersecurity</span>. \n \n \n Type of Review: \n New collection.\n \n \n Respondents: \n State, local or tribal government institutions, and other not-for-profit institutions.\n \n \n Number of Respondents and Responses: \n 23,000 respondents; 201,100 responses.\n \n \n Estimated Time per Response: \n 4 hours for FCC Form 470—<span class=\"match\">Cybersecurity</span>, 5 hours for FCC Form 471—<span class=\"match\">Cybersecurity</span>, 1.75 hours for FCC Forms 472/474—<span class=\"match\">Cybersecurity</span>, 15 hours for FCC"},{"title":"Equipment, Systems, and Network Information Security Protection","type":"Proposed Rule","abstract":"This proposed rulemaking would impose new design standards to address cybersecurity threats for transport category airplanes, engines, and propellers. The intended effect of this proposed action is to standardize the FAA's criteria for addressing cybersecurity threats, reducing certification costs and time while maintaining the same level of safety provided by current special conditions.","document_number":"2024-17916","html_url":"https://www.federalregister.gov/documents/2024/08/21/2024-17916/equipment-systems-and-network-information-security-protection","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-08-21/pdf/2024-17916.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-17916.pdf?1724157915","publication_date":"2024-08-21","agencies":[{"raw_name":"DEPARTMENT OF TRANSPORTATION","name":"Transportation Department","id":492,"url":"https://www.federalregister.gov/agencies/transportation-department","json_url":"https://www.federalregister.gov/api/v1/agencies/492","parent_id":null,"slug":"transportation-department"},{"raw_name":"Federal Aviation Administration","name":"Federal Aviation Administration","id":159,"url":"https://www.federalregister.gov/agencies/federal-aviation-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/159","parent_id":492,"slug":"federal-aviation-administration"}],"excerpts":"February 22, 2019, EASA released NPA 2019-01, Aircraft <span class=\"match\">Cybersecurity</span>, a set of proposed amendments to CS-23, CS-25, CS-27, CS-29, CS-E, CS-ETSO, CS-P and also release their related acceptable means of <span class=\"match\">compliance</span>/guidance material. EASA Decision 2020/006/R “Aircraft <span class=\"match\">cybersecurity</span>” finalized these amendments and their guidance on July 1, 2020, issuing CS-25 Amendment 25, CS-E Amendment 6, and CS-P Amendment 2, along with amendments to CS for other product types. These amendments introduced <span class=\"match\">cybersecurity</span> provisions into the relevant CS, incorporating the"},{"title":"Department of Defense (DoD) Defense Industrial Base (DIB) Cybersecurity (CS) Activities","type":"Rule","abstract":"The DoD is finalizing revisions to the eligibility criteria for the voluntary Defense Industrial Base (DIB) Cybersecurity (CS) Program. These revisions will allow all defense contractors who own or operate an unclassified information system that processes, stores, or transmits covered defense information to benefit from bilateral information sharing. DoD is also finalizing changes to definitions and some technical corrections for readability.","document_number":"2024-04752","html_url":"https://www.federalregister.gov/documents/2024/03/12/2024-04752/department-of-defense-dod-defense-industrial-base-dib-cybersecurity-cs-activities","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-03-12/pdf/2024-04752.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-04752.pdf?1710161113","publication_date":"2024-03-12","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"analyst-to-analyst exchanges, mitigation and remediation strategies, and <span class=\"match\">cybersecurity</span> best practices in a collaborative environment. The shared unclassified and classified cyber threat information is used to bolster a company's <span class=\"match\">cybersecurity</span> posture and mitigate the growing cyber threat. The program's tailored support for small, mid-size, and large companies with varying <span class=\"match\">cybersecurity</span> maturity levels is an asset for participants. The program remains a key element of DoD's <span class=\"match\">cybersecurity</span> efforts by providing services to help protect DIB CS Program participants"},{"title":"Privacy Act of 1974; Systems of Records","type":"Notice","abstract":"Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108, notice is hereby given that the Justice Management Division (JMD), a component within the United States Department of Justice (DOJ or Department), proposes to modify the system of records titled Security Monitoring and Analytics Service Records, JUSTICE/JMD-026, updating the capabilities and offerings included in it.","document_number":"2025-09447","html_url":"https://www.federalregister.gov/documents/2025/06/02/2025-09447/privacy-act-of-1974-systems-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-06-02/pdf/2025-09447.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-09447.pdf?1748609107","publication_date":"2025-06-02","agencies":[{"raw_name":"DEPARTMENT OF JUSTICE","name":"Justice Department","id":268,"url":"https://www.federalregister.gov/agencies/justice-department","json_url":"https://www.federalregister.gov/api/v1/agencies/268","parent_id":null,"slug":"justice-department"}],"excerpts":"Fund); Executive Order No. 13800, Strengthening the <span class=\"match\">Cybersecurity</span> of Federal Networks and Critical Infrastructure (2017); OMB Circular A-130, Managing Information as a Strategic Resource (2016); OMB Memorandum M-19-16, Centralized Mission Support Capabilities for the Federal Government (2019); Executive Order 14028, Improving the Nation's <span class=\"match\">Cybersecurity</span> (2023).\n \n PURPOSE(S) OF THE SYSTEM: \n The Department of Justice (DOJ) Security <span class=\"match\">Monitoring</span> and Analytics Service (SMAS) provides DOJ-managed <span class=\"match\">cybersecurity</span> services to external federal agency subscribers"},{"title":"Review of Submarine Cable Landing License Rules and Procedures To Assess Evolving National Security, Law Enforcement, Foreign Policy, and Trade Policy Risks","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) adopted a Report and Order that updates the Commission's submarine cable licensing process and adopts rule changes to protect critical U.S. communications infrastructure against foreign adversary threats, specifically those posed by an entity that is owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary. The Report and Order adopts a requirement for certain licensees to file an annual report about the licensee, submarine cable system ownership, and submarine cable operations. The Report and Order adopts a one-time information collection for licensees to identify, among other things, how many entities currently own or operate submarine line terminal equipment (SLTEs) on existing licensed cable systems. The Report and Order also requires applicants and licensees to certify that they have created, updated, and implemented a cybersecurity and physical security risk management plan and requires applicants to certify that the submarine cable system will not use equipment or services identified on the Commission's Covered List. With respect to the circuit capacity data collection, the Report and Order adopts streamlined rules and eliminates the requirement for licensees to file a cable operator report about the capacity on a cable and clarify the types of capacity that need to be reported on an annual basis.","document_number":"2025-19658","html_url":"https://www.federalregister.gov/documents/2025/10/27/2025-19658/review-of-submarine-cable-landing-license-rules-and-procedures-to-assess-evolving-national-security","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-10-27/pdf/2025-19658.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-19658.pdf?1761309905","publication_date":"2025-10-27","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"and Technology (NIST) <span class=\"match\">Cybersecurity</span> Framework (CSF), and incorporates best practices, such as the standards and controls set forth in the <span class=\"match\">Cybersecurity</span> and Infrastructure Security Agency's (CISA) <span class=\"match\">Cybersecurity</span> Cross-Sector Performance Goals and Objectives (CISA CPGs), or the Center for internet Security's Critical Security Controls (CIS Controls). The plan should address both <span class=\"match\">cybersecurity</span> and physical security risks. \n \n 107. This approach is consistent with views of commenters that support a flexible approach to <span class=\"match\">cybersecurity</span> grounded in the NIST"}]}