{"description":"Documents matching 'Cybersecurity Monitoring requirements'","count":1185,"total_pages":50,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=Cybersecurity+Monitoring+requirements&format=json&page=2","results":[{"title":"Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)","type":"Rule","abstract":"DoD is issuing a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the final Cybersecurity Maturity Model Certification program rule, titled Cybersecurity Maturity Model Certification Program. This final DFARS rule also partially implements a section of the National Defense Authorization Act for Fiscal Year 2020 that directed the Secretary of Defense to develop a consistent, comprehensive framework to enhance cybersecurity for the U.S. defense industrial base.","document_number":"2025-17359","html_url":"https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-09-10/pdf/2025-17359.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-17359.pdf?1757421911","publication_date":"2025-09-10","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Defense Acquisition Regulations System","name":"Defense Acquisition Regulations System","id":97,"url":"https://www.federalregister.gov/agencies/defense-acquisition-regulations-system","json_url":"https://www.federalregister.gov/api/v1/agencies/97","parent_id":103,"slug":"defense-acquisition-regulations-system"}],"excerpts":"contracts that include a CMMC <span class=\"match\">requirement</span> will now be required to conduct the cost activities described below in accordance with the provision at DFARS 252.204-7025, Notice of <span class=\"match\">Cybersecurity</span> Maturity Model Certification Level <span class=\"match\">Requirements</span>, and the clause at DFARS 252.204-7021, Contractor Compliance with the <span class=\"match\">Cybersecurity</span> Maturity Model Certification Level <span class=\"match\">Requirements</span>. \n The benefits of this final rule include verification of a defense industrial base (DIB) contractor's implementation of system security <span class=\"match\">requirements</span> that must be applied by all Federal"},{"title":"Intent To Request a Revision From OMB of One Current Public Collection of Information: Cybersecurity Measures for Surface Modes","type":"Notice","abstract":"The Transportation Security Administration (TSA) invites public comment on one currently-approved Information Collection Request (ICR), Office of Management and Budget (OMB) control number 1652-0074, abstracted below, that we will submit to OMB for a revision in compliance with the Paperwork Reduction Act (PRA). The ICR describes the nature of the information collection and its expected burden. The collection concerns data concerning the designation of a Cybersecurity Coordinator; the reporting of cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency; the development of a cybersecurity contingency/recovery plan to address cybersecurity gaps; and the completion of a cybersecurity assessment.","document_number":"2026-07364","html_url":"https://www.federalregister.gov/documents/2026/04/16/2026-07364/intent-to-request-a-revision-from-omb-of-one-current-public-collection-of-information-cybersecurity","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-16/pdf/2026-07364.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-07364.pdf?1776257113","publication_date":"2026-04-16","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Transportation Security Administration","name":"Transportation Security Administration","id":494,"url":"https://www.federalregister.gov/agencies/transportation-security-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/494","parent_id":227,"slug":"transportation-security-administration"}],"excerpts":"(PRA). The ICR describes the nature of the information collection and its expected burden. The collection concerns data concerning the designation of a <span class=\"match\">Cybersecurity</span> Coordinator; the reporting of <span class=\"match\">cybersecurity</span> incidents to the <span class=\"match\">Cybersecurity</span> and Infrastructure Security Agency; the development of a <span class=\"match\">cybersecurity</span> contingency/recovery plan to address <span class=\"match\">cybersecurity</span> gaps; and the completion of a <span class=\"match\">cybersecurity</span> assessment. \n \n \n DATES: \n Send your comments by June 15, 2026. \n \n \n ADDRESSES: \n \n Comments may be emailed to \n TSAPRA@tsa.dhs.gov \n or delivered"},{"title":"Cybersecurity in the Marine Transportation System","type":"Rule","abstract":"The Coast Guard is updating its maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These include requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system. The Coast Guard is also seeking comments on a potential delay for the implementation periods for U.S.-flagged vessels.","document_number":"2025-00708","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-00708/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-00708.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00708.pdf?1736802922","publication_date":"2025-01-17","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"by establishing minimum <span class=\"match\">cybersecurity</span> <span class=\"match\">requirements</span> for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging <span class=\"match\">cybersecurity</span> threats in the marine transportation system by adding minimum <span class=\"match\">cybersecurity</span> <span class=\"match\">requirements</span> to help detect risks and respond to and recover from <span class=\"match\">cybersecurity</span> incidents. These include <span class=\"match\">requirements</span> to develop and maintain a <span class=\"match\">Cybersecurity</span> Plan, designate a <span class=\"match\">Cybersecurity</span> Officer, and take various"},{"title":"Fine Denier Polyester Staple Fiber: Monitoring Developments in the Domestic Industry; Institution and Scheduling Notice for the Subject Investigation","type":"Notice","abstract":"The Commission has instituted investigation No. TA-201-78 (Monitoring), Fine Denier Polyester Staple Fiber: Report on Monitoring of Developments in the Domestic Industry, for the purpose of preparing the report to the President and the Congress required by section 204(a)(2) of the Trade Act of 1974 on its monitoring of developments in the domestic industry following the President's decision to impose a safeguard measure on imports of fine denier polyester staple fiber (\"fine denier PSF\"), as described in Proclamation 10857 of November 8, 2024.","document_number":"2026-10545","html_url":"https://www.federalregister.gov/documents/2026/05/28/2026-10545/fine-denier-polyester-staple-fiber-monitoring-developments-in-the-domestic-industry-institution-and","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-05-28/pdf/2026-10545.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-10545.pdf?1779885908","publication_date":"2026-05-28","agencies":[{"raw_name":"INTERNATIONAL TRADE COMMISSION","name":"International Trade Commission","id":262,"url":"https://www.federalregister.gov/agencies/international-trade-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/262","parent_id":null,"slug":"international-trade-commission"}],"excerpts":"ACTION: \n Notice. \n \n \n SUMMARY: \n The Commission has instituted investigation No. TA-201-78 (<span class=\"match\">Monitoring</span>), Fine Denier Polyester Staple Fiber: Report on <span class=\"match\">Monitoring</span> of Developments in the Domestic Industry, for the purpose of preparing the report to the President and the Congress required by section 204(a)(2) of the Trade Act of 1974 on its <span class=\"match\">monitoring</span> of developments in the domestic industry following the President's decision to impose a safeguard measure on imports of fine denier polyester staple fiber (“fine denier PSF”), as described in Proclamation"},{"title":"Cybersecurity Maturity Model Certification (CMMC) Program","type":"Rule","abstract":"With this final rule, DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance. This rule will be updated as needed, using the appropriate rulemaking process, to address evolving cybersecurity standards, requirements, threats, and other relevant changes.","document_number":"2024-22905","html_url":"https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22905.pdf?1728650732","publication_date":"2024-10-15","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"regulatory text, all <span class=\"match\">requirements</span> that are scored as NOT MET are identified in a Plan of Action and Milestones (POA&amp;M) to meet the CMMC <span class=\"match\">requirement</span>. Organizations Seeking Assessment (OSAs) satisfy the CMMC <span class=\"match\">requirements</span> needed for contract award by successfully meeting all 110 security <span class=\"match\">requirements</span> of NIST SP 800-171 R2 or by receiving a Conditional CMMC Status when achieving the minimum passing score of 80 percent and only including permittable NOT MET <span class=\"match\">requirements</span> as described in § 170.21 on the POA&amp;M. All <span class=\"match\">requirements</span> that were scored “NOT"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"Through Strengthening <span class=\"match\">Cybersecurity</span>,” \n supra \n note 306.\n \n \n \n \n 313 \n  \n See, e.g., \n “Free <span class=\"match\">Cybersecurity</span> Services and Tools,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure Security Agency, U.S. Department of Homeland Security, \n https://www.cisa.gov/resources-tools/resources/free-<span class=\"match\">cybersecurity</span>-services-and-tools; \n “Cyber Hygiene Services,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure Security Agency, U.S. Department of Homeland Security, \n https://www.cisa.gov/cyber-hygiene-services; \n “<span class=\"match\">Cybersecurity</span> Resources for High-Risk Communities,” <span class=\"match\">Cybersecurity</span> &amp; Infrastructure"},{"title":"Schools and Libraries Cybersecurity Pilot Program","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) stablishes the Schools and Libraries Cybersecurity Pilot Program (Pilot or Pilot Program). The Pilot Program will enable the Commission to evaluate the impact that using Universal Service Fund (USF or Fund) support for eligible cybersecurity services and equipment will have on protecting school and library broadband networks and data. In so doing, the Commission seeks to address the apparent needs of schools and libraries for additional support for cybersecurity services and equipment, while evaluating the impact that providing that support would have on the USF.","document_number":"2024-15866","html_url":"https://www.federalregister.gov/documents/2024/07/30/2024-15866/schools-and-libraries-cybersecurity-pilot-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-30/pdf/2024-15866.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-15866.pdf?1722257112","publication_date":"2024-07-30","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"for the proposed project, and the <span class=\"match\">cybersecurity</span> risks the proposed Pilot project will prevent or address. \n • The <span class=\"match\">cybersecurity</span> equipment and services the applicant plans to request as part of its proposed project, the ability of the project to be self-sustaining once established, and whether the applicant has a <span class=\"match\">cybersecurity</span> officer or other senior-level staff member designated to be the <span class=\"match\">cybersecurity</span> officer for its Pilot project. \n \n • Whether the applicant has previous experience implementing <span class=\"match\">cybersecurity</span> protections or measures (answered on"},{"title":"Notice of Solicitation of Proposals for the Department of Defense University Consortium for Cybersecurity Support Center","type":"Notice","abstract":"The Secretary of Defense has determined the need for a Support Center (Center) for the University Consortium for Cybersecurity (UC2). The Center will provide, during a two-year term, administrative support for the academic research and engagement activities of UC2. To be eligible, interested institutions must have been designated as National Centers of Academic Excellence (NCAE) in cybersecurity for at least 24 months from the date of the publication of this notice and, further, must demonstrate an understanding of cybersecurity research, be eligible for access to classified material, and demonstrate commitment to the UC2 mission of a closer collaboration between academia and the DoD.","document_number":"2024-20652","html_url":"https://www.federalregister.gov/documents/2024/09/12/2024-20652/notice-of-solicitation-of-proposals-for-the-department-of-defense-university-consortium-for","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-12/pdf/2024-20652.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-20652.pdf?1726058734","publication_date":"2024-09-12","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"designation was created to manage a collaborative <span class=\"match\">cybersecurity</span> educational program with community colleges, colleges, and universities that: (1) establishes standards for <span class=\"match\">cybersecurity</span> curriculum and academic excellence; (2) includes competency development among students and faculty; (3) values community outreach and leadership in professional development; (4) integrates <span class=\"match\">cybersecurity</span> practice within the institution across academic disciplines; and (5) actively engages in solutions to challenges facing <span class=\"match\">cybersecurity</span> education. \n There are three types of designations:"},{"title":"Cybersecurity Labeling for Internet of Things","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission or FCC) establishes a voluntary cybersecurity labeling program for wireless consumer Internet of Things, or IoT, products. The program will provide consumers with an easy-to-understand and quickly recognizable FCC IoT Label that includes the U.S. Cyber Trust Mark and a QR code linked to a dynamic, decentralized, publicly available registry of more detailed cybersecurity information. This program will help consumers make safer purchasing decisions, raise consumer confidence regarding the cybersecurity of the IoT products they buy, and encourage manufacturers to develop IoT products with security-by- design principles in mind.","document_number":"2024-14148","html_url":"https://www.federalregister.gov/documents/2024/07/30/2024-14148/cybersecurity-labeling-for-internet-of-things","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-30/pdf/2024-14148.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-14148.pdf?1722257113","publication_date":"2024-07-30","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"1. Technical expertise in <span class=\"match\">cybersecurity</span> testing and conformity assessment of IoT devices and products. Compliance with all <span class=\"match\">requirements</span> associated with ISO/IEC 17025. If we determine that other ISO standards or other relevant <span class=\"match\">requirements</span> are missing, the Commission will provide guidance to industry on how they may be addressed.\n \n \n 2. Knowledge of FCC rules and procedures associated with IoT <span class=\"match\">cybersecurity</span> compliance testing and certification. \n 3. Necessary equipment, facilities, and personnel to conduct <span class=\"match\">cybersecurity</span> testing and conformity assessment"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-015-1-Cyber Security-Internal Network Security Monitoring","type":"Rule","abstract":"The Federal Energy Regulatory Commission (Commission) approves proposed Reliability Standard CIP-015-1 (Cyber Security--Internal Network Security Monitoring), which the North American Electric Reliability Corporation (NERC), submitted in response to a Commission directive. In addition, the Commission directs NERC to develop certain modifications to proposed Reliability Standard CIP-015-1 to extend internal network security monitoring to include electronic access control or monitoring systems and physical access control systems outside of the electronic security perimeter. The Commission also provides greater clarity about the term CIP-networked environment as it is used in proposed Reliability Standard CIP-015-1.","document_number":"2025-12309","html_url":"https://www.federalregister.gov/documents/2025/07/02/2025-12309/critical-infrastructure-protection-reliability-standard-cip-015-1-cyber-security-internal-network","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-02/pdf/2025-12309.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12309.pdf?1751373912","publication_date":"2025-07-02","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"retaining INSM data associated with anomalous network activity as determined by the applicable responsible entities.\n \n \n • \n <span class=\"match\">Requirement</span> R3: \n responsible entities would be required to implement process(es) to protect INSM <span class=\"match\">monitoring</span> data collected and retained in support of <span class=\"match\">Requirements</span> R1 and R2 to guard against the risk of unauthorized deletion or modification.\n \n \n 14. According to NERC, <span class=\"match\">Requirement</span> R1 applies to data flows within “networks protected by the Responsible Entity's Electronic Security Perimeter(s).” \n 32 \n \n NERC stated that proposed"},{"title":"Potential Enhancements to the Critical Infrastructure Protection Reliability Standards","type":"Notice","abstract":"The Commission withdraws a notice of inquiry, which sought comment on whether the then-effective Critical Infrastructure Protection (CIP) Reliability Standards adequately addressed: cybersecurity risks pertaining to data security, detection of anomalies and events, and mitigation of cybersecurity events. The Commission also sought comment on the potential risk of a coordinated cyberattack on geographically distributed targets and whether Commission action, including potential modifications to the CIP Reliability Standards, would be appropriate to address such risk.","document_number":"2025-12265","html_url":"https://www.federalregister.gov/documents/2025/07/01/2025-12265/potential-enhancements-to-the-critical-infrastructure-protection-reliability-standards","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-07-01/pdf/2025-12265.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-12265.pdf?1751287530","publication_date":"2025-07-01","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"and mitigation of <span class=\"match\">cybersecurity</span> events. Specifically, on January 19, 2023, the Commission issued Order No. 887 directing NERC to develop <span class=\"match\">requirements</span> for internal network security <span class=\"match\">monitoring</span>, which NERC submitted on June 24, 2024. Concurrently with this proceeding, we are approving Reliability Standard CIP-015-1 (Internal Network Security <span class=\"match\">Monitoring</span>) and directing further improvements to the Standard.\n 12 \n \n \n \n \n 12 \n  \n Critical Infrastructure Prot. Reliability Standard CIP-015-1—Cyber Sec.—Internal Network Sec. <span class=\"match\">Monitoring</span>, \n 191 FERC ¶ 61,224"},{"title":"Cybersecurity in the Marine Transportation System","type":"Proposed Rule","abstract":"The Coast Guard proposes to update its maritime security regulations by adding regulations specifically focused on establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and U.S. facilities subject to the Maritime Transportation Security Act of 2002 regulations. This proposed rule would help to address current and emerging cybersecurity threats in the marine transportation system. We seek your comments on this proposed rule and whether we should: use and define the term reportable cyber incident to limit cyber incidents that trigger reporting requirements, use alternative methods of reporting such incidents, and amend the definition of hazardous condition.","document_number":"2024-03075","html_url":"https://www.federalregister.gov/documents/2024/02/22/2024-03075/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-02-22/pdf/2024-03075.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-03075.pdf?1708523113","publication_date":"2024-02-22","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"650(e)(3) <span class=\"match\">Cybersecurity</span> Measures: Routine Maintenance); \n (7) <span class=\"match\">Cybersecurity</span> measures for access control, including computer, IT, and OT areas (see proposed § 101.650(a) <span class=\"match\">Cybersecurity</span> Measures: Account Measures); \n (8) Physical security controls for IT and OT systems (see proposed § 101.650(i) <span class=\"match\">Cybersecurity</span> Measures: Physical Security); \n (9) <span class=\"match\">Cybersecurity</span> measures for <span class=\"match\">monitoring</span> (see proposed § 101.650(f) <span class=\"match\">Cybersecurity</span> Measures: Supply Chain; (h) Network Segmentation; (i) Physical Security); \n (10) Audits and amendments to the <span class=\"match\">Cybersecurity</span> Plan (see"},{"title":"Strengthening and Promoting Innovation in the Nation's Cybersecurity","type":"Presidential Document","abstract":null,"document_number":"2025-01470","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting-innovation-in-the-nations-cybersecurity","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-01470.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-01470.pdf?1737054015","publication_date":"2025-01-17","agencies":[{"raw_name":"EXECUTIVE OFFICE OF THE PRESIDENT","name":"Executive Office of the President","id":538,"url":"https://www.federalregister.gov/agencies/executive-office-of-the-president","json_url":"https://www.federalregister.gov/api/v1/agencies/538","parent_id":null,"slug":"executive-office-of-the-president"}],"excerpts":"Administration shall each review the civil space contract <span class=\"match\">requirements</span> in the FAR and recommend to the FAR Council and other appropriate agencies updates to civil space <span class=\"match\">cybersecurity</span> <span class=\"match\">requirements</span> and relevant contract language. The recommended <span class=\"match\">cybersecurity</span> <span class=\"match\">requirements</span> and contract language shall use a risk-based, tiered approach for all new civil space systems. Such <span class=\"match\">requirements</span> shall be designed to apply at minimum to the civil space systems' on-orbit segments and link segments. The <span class=\"match\">requirements</span> shall address the following elements for the highest-risk"},{"title":"Pipeline Safety: Remote Monitoring of Hazardous Liquid Pipeline Rectifiers","type":"Proposed Rule","abstract":"This NPRM proposes to clarify that required electrical checks of rectifiers and other cathodic protection equipment may be performed remotely on hazardous liquid and carbon dioxide pipelines. This proposal is consistent with standards previously adopted for gas transmission pipelines.","document_number":"2026-08068","html_url":"https://www.federalregister.gov/documents/2026/04/24/2026-08068/pipeline-safety-remote-monitoring-of-hazardous-liquid-pipeline-rectifiers","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-24/pdf/2026-08068.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-08068.pdf?1776948322","publication_date":"2026-04-24","agencies":[{"raw_name":"DEPARTMENT OF TRANSPORTATION","name":"Transportation Department","id":492,"url":"https://www.federalregister.gov/agencies/transportation-department","json_url":"https://www.federalregister.gov/api/v1/agencies/492","parent_id":null,"slug":"transportation-department"},{"raw_name":"Pipeline and Hazardous Materials Safety Administration","name":"Pipeline and Hazardous Materials Safety Administration","id":408,"url":"https://www.federalregister.gov/agencies/pipeline-and-hazardous-materials-safety-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/408","parent_id":492,"slug":"pipeline-and-hazardous-materials-safety-administration"}],"excerpts":"Regulation and Controlling Regulatory Costs” at 8 (May 5, 2025), \n https://www.regulations.gov/comment/DOT-OST-2025-0026-0874. \n \n \n PHMSA agrees with the commenters and proposes to revise the <span class=\"match\">monitoring</span> <span class=\"match\">requirements</span> in § 195.573(c) to align with the gas transmission pipeline <span class=\"match\">requirements</span> in § 192.465(b). The revised <span class=\"match\">monitoring</span> <span class=\"match\">requirements</span> acknowledge that remote <span class=\"match\">monitoring</span> is an acceptable method for performing required electrical checks to verify that adequate amperage and voltage levels needed to provide cathodic protection are maintained, provided the"},{"title":"Modernizing Security Requirements","type":"Proposed Rule","abstract":"The U.S. Nuclear Regulatory Commission (NRC) is proposing to revise its regulations to modernize security and fitness-for-duty requirements to enhance efficiency, consistent with Executive Order 14300, \"Ordering the Reform of the Nuclear Regulatory Commission.\" The proposed revisions are intended to reduce regulatory burden, where appropriate, while continuing to provide reasonable assurance that safety and security will be adequately maintained at NRC-licensed facilities.","document_number":"2026-12989","html_url":"https://www.federalregister.gov/documents/2026/06/26/2026-12989/modernizing-security-requirements","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-26/pdf/2026-12989.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-12989.pdf?1782391523","publication_date":"2026-06-26","agencies":[{"raw_name":"NUCLEAR REGULATORY COMMISSION","name":"Nuclear Regulatory Commission","id":383,"url":"https://www.federalregister.gov/agencies/nuclear-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/383","parent_id":null,"slug":"nuclear-regulatory-commission"}],"excerpts":"remaining <span class=\"match\">requirements</span> of § 73.55. The <span class=\"match\">requirements</span> of 10 CFR part 26; 10 CFR part 37, “Physical Protection of Category 1 and Category 2 Quantities of Radioactive Material”; and §§ 73.21, “Protection of Safeguards Information: Performance <span class=\"match\">requirements</span>,” 73.22, “Protection of Safeguards Information: Specific <span class=\"match\">requirements</span>,” 73.23, “Protection of Safeguards Information—Modified Handling: Specific <span class=\"match\">requirements</span>,” 73.54, “Protection of digital computer and communication systems and networks,” 73.56, “Personnel access authorization <span class=\"match\">requirements</span> for nuclear"},{"title":"Critical Infrastructure Protection Reliability Standard CIP-015-1-Cyber Security-Internal Network Security Monitoring","type":"Proposed Rule","abstract":"The Federal Energy Regulatory Commission (Commission) proposes to approve proposed Reliability Standard CIP-015-1 (Cyber Security-- Internal Network Security Monitoring), which the North American Electric Reliability Corporation (NERC), submitted in response to a Commission directive. In addition, the Commission proposes to direct that NERC develop certain modifications to proposed Reliability Standard CIP-015-1 to extend internal network security monitoring to include electronic access control or monitoring systems and physical access control systems outside of the electronic security perimeter.","document_number":"2024-22231","html_url":"https://www.federalregister.gov/documents/2024/09/27/2024-22231/critical-infrastructure-protection-reliability-standard-cip-015-1-cyber-security-internal-network","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-27/pdf/2024-22231.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22231.pdf?1727354733","publication_date":"2024-09-27","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"},{"raw_name":"Federal Energy Regulatory Commission","name":"Federal Energy Regulatory Commission","id":167,"url":"https://www.federalregister.gov/agencies/federal-energy-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/167","parent_id":136,"slug":"federal-energy-regulatory-commission"}],"excerpts":"Internal Network Security <span class=\"match\">Monitoring</span> (INSM) \n 4 \n \n to include electronic access control or <span class=\"match\">monitoring</span> systems (EACMS) \n 5 \n \n and physical access control systems (PACS) \n 6 \n \n outside of the electronic security perimeter.\n \n \n \n 1 \n  16 U.S.C. 824o(d)(2).\n \n \n \n \n 2 \n  \n Internal Network Sec. <span class=\"match\">Monitoring</span> for High &amp; Medium Impact Bulk Elec. Sys. Cyber Sys., \n Order No. 887, 88 FR 8354 (Feb. 9, 2023), 182 FERC ¶ 61,021 (2023).\n \n \n \n \n 3 \n  16 U.S.C. 824o(d)(5).\n \n \n \n \n 4 \n  INSM is “a subset of network security <span class=\"match\">monitoring</span> that is applied within"},{"title":"Federal Acquisition Regulation: Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems","type":"Proposed Rule","abstract":"DoD, GSA, and NASA are proposing to amend the Federal Acquisition Regulation (FAR) to partially implement an Executive Order to standardize cybersecurity contractual requirements across Federal agencies for unclassified Federal information systems, and a statute on improving the Nation's cybersecurity.","document_number":"2023-21327","html_url":"https://www.federalregister.gov/documents/2023/10/03/2023-21327/federal-acquisition-regulation-standardizing-cybersecurity-requirements-for-unclassified-federal","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-10-03/pdf/2023-21327.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-21327.pdf?1696250724","publication_date":"2023-10-03","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"GENERAL SERVICES ADMINISTRATION","name":"General Services Administration","id":210,"url":"https://www.federalregister.gov/agencies/general-services-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/210","parent_id":null,"slug":"general-services-administration"},{"raw_name":"NATIONAL AERONAUTICS AND SPACE ADMINISTRATION","name":"National Aeronautics and Space Administration","id":301,"url":"https://www.federalregister.gov/agencies/national-aeronautics-and-space-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/301","parent_id":null,"slug":"national-aeronautics-and-space-administration"}],"excerpts":"consent-banners. \n The contract may include more specific <span class=\"match\">requirements</span> for consent banners; such <span class=\"match\">requirements</span> will be consistent with the CISA guidance linked above;\n \n \n (iv) \n Internet of Things devices. \n Apply any additional <span class=\"match\">cybersecurity</span> <span class=\"match\">requirements</span> necessary for IoT devices located within the boundary of the FIS in accordance with the current version of NIST SP 800-213, IoT Device <span class=\"match\">Cybersecurity</span> Guidance for the Federal Government: Establishing IoT Device <span class=\"match\">Cybersecurity</span> <span class=\"match\">Requirements</span>; and\n \n \n (v) \n Annual assessments. \n For a FIS designated"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of Housing and Urban Development (HUD), Office of Chief Information Officer (OCIO), and Infrastructure and Operations (IOO), is issuing a public notice of its intent to establish a Privacy Act System of Records Notice (SORN) titled \"Sumo Logic.\" Sumo Logic serves as HUD's Security Information and Event Management (SIEM) tool, supporting centralized log collection, aggregation, and security monitoring. It collects system log data from HUD applications, infrastructure, security tools, and cloud platforms, and performs event correlation, custom searches, dashboard monitoring, scheduled reporting, and other standard security monitoring. This newly established system will be included in HUD's inventory of record systems.","document_number":"2026-11613","html_url":"https://www.federalregister.gov/documents/2026/06/10/2026-11613/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-10/pdf/2026-11613.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-11613.pdf?1781009113","publication_date":"2026-06-10","agencies":[{"raw_name":"DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT","name":"Housing and Urban Development Department","id":228,"url":"https://www.federalregister.gov/agencies/housing-and-urban-development-department","json_url":"https://www.federalregister.gov/api/v1/agencies/228","parent_id":null,"slug":"housing-and-urban-development-department"}],"excerpts":"System Modernization Act of 2014 (FISMA), Public Law 113-283, 44 U.S.C. 3554; Executive Order 14028, Improving the Nation's <span class=\"match\">Cybersecurity</span> (May 12, 2021); and OMB Memorandum 21-31, Improving the Federal Government's Investigative and Remediation Capabilities Related to <span class=\"match\">Cybersecurity</span> Incidents (August 27, 2021). \n PURPOSE(S) OF THE SYSTEM: \n Sumo Logic supports HUD's <span class=\"match\">cybersecurity</span> operations by enabling centralized system <span class=\"match\">monitoring</span>, threat detection, event correlation and incident investigation. \n CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: \n The"},{"title":"Statement of Organization, Functions, and Delegations of Authority","type":"Notice","abstract":"The Centers for Medicare and Medicaid Services (CMS), Office of Health Technology and Products (OHTP), has been established. This new organizational component will provide enterprise leadership and oversight for CMS healthcare technology modernization, digital products, and transformation of platforms and services supporting Medicare, Medicaid, the Children's Health Insurance Program (CHIP), and other CMS-administered programs, in close coordination with the CMS Chief Information Officer (CIO) and subject to CIO-led enterprise information technology (IT) governance, cybersecurity, enterprise architecture, and capital planning and investment control responsibilities, as well as CIO-led digital service delivery, customer experience, and public digital experience responsibilities under applicable law.","document_number":"2026-11743","html_url":"https://www.federalregister.gov/documents/2026/06/11/2026-11743/statement-of-organization-functions-and-delegations-of-authority","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-11/pdf/2026-11743.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-11743.pdf?1781095520","publication_date":"2026-06-11","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"components, shared platforms, and delivery capacity that support beneficiary-facing digital services, national infrastructure modernization, AI strategy, and Medicaid and CHIP technology initiatives—all while ensuring alignment with Federal IT governance, <span class=\"match\">cybersecurity</span>, and acquisition oversight <span class=\"match\">requirements</span>. \n • Establish and maintain guidance, policies, practices, and talent pipelines that advance access, build trust, and amplify impact across CMS, HHS, and Federal Open Source Ecosystems by working and sharing openly. \n Standards &amp; Interoperability"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, and the Office of Management and Budget (OMB) Circular No. A-108, notice is given that the Office of Personnel Management (OPM) proposes to establish a new system of records titled, \"OPM/Internal-3, Information Technology, Information System, and Network Activity and Access Records.\" This new system is established to reflect changes in technology, including the increased ability of OPM to link individuals to information technology, information system, or network activity, and to better describe OPM's records linking individuals to reported cybersecurity incidents or their access to certain OPM information technologies, information systems, and networks through the internet or other authorized connections.","document_number":"2025-19092","html_url":"https://www.federalregister.gov/documents/2025/10/01/2025-19092/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-10-01/pdf/2025-19092.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-19092.pdf?1759236309","publication_date":"2025-10-01","agencies":[{"raw_name":"OFFICE OF PERSONNEL MANAGEMENT","name":"Personnel Management Office","id":406,"url":"https://www.federalregister.gov/agencies/personnel-management-office","json_url":"https://www.federalregister.gov/api/v1/agencies/406","parent_id":null,"slug":"personnel-management-office"}],"excerpts":"network and aggregated in databases searchable by identifying characteristics, including, but not limited to, name, user ID, email address, or IP address. Records may be retrieved as part of routine network and information system security <span class=\"match\">monitoring</span>, <span class=\"match\">cybersecurity</span> incident response, database activity <span class=\"match\">monitoring</span>, or in support of other administrative or security investigations in accordance with appropriate laws, rules, and policies. \n POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: \n Records of verification, authorization, access, and"}]}