{"description":"Documents matching 'unauthorized disclosure compromise classified information'","count":1016,"total_pages":50,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=unauthorized+disclosure+compromise+classified+information&format=json&page=2","results":[{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"The NCSC is revising a system of records subject to the Privacy Act of 1974, as amended, 5 U.S.C. 552a, in order to (1) update the name to ODNI/NCSC--001, \"Damage Assessment Records\"; (2) update and modernize the administrative information; (3) clarify that the scope of the damage assessments is not limited to espionage or criminal violations but to actual or potential damage to national security resulting from the unauthorized disclosure or compromise of classified information; (4) clarify the categories of individuals covered by the system and records in the system to align with the lawful scope of damage assessments; and (5) clarify that portions of records, and not only final damage assessments, may be disclosed pursuant to the routine uses.","document_number":"2025-14825","html_url":"https://www.federalregister.gov/documents/2025/08/05/2025-14825/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-08-05/pdf/2025-14825.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-14825.pdf?1754311517","publication_date":"2025-08-05","agencies":[{"raw_name":"OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE","name":"National Intelligence, Office of the National Director","id":354,"url":"https://www.federalregister.gov/agencies/national-intelligence-office-of-the-national-director","json_url":"https://www.federalregister.gov/api/v1/agencies/354","parent_id":null,"slug":"national-intelligence-office-of-the-national-director"}],"excerpts":"from an <span class=\"match\">unauthorized</span> <span class=\"match\">disclosure</span> of <span class=\"match\">classified</span> <span class=\"match\">information</span>. \n CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: \n Individuals known or suspected to have committed an <span class=\"match\">unauthorized</span> <span class=\"match\">disclosure</span> or <span class=\"match\">compromise</span> of <span class=\"match\">classified</span> <span class=\"match\">information</span>, including those convicted of, or indicted for, espionage or other national security-related crimes, and whose activities are the subject of an NCSC-led damage assessment; individuals whose identities and government affiliations are known or believed to have been <span class=\"match\">compromised</span> as a result of the <span class=\"match\">unauthorized</span> <span class=\"match\">disclosure</span>; individuals"},{"title":"Privacy Act of 1974; System of Records","type":"Notice","abstract":"In accordance with the Privacy Act of 1974, the Department of the Army is modifying and reissuing a current system of records notice (SORN) titled \"Personnel Security Clearance Information Files,\" A0380-67 DAMI. The SORN is being retitled \"U.S. Army Security and Foreign Disclosure Files,\" with a new identifier of A0 0001 DAMI. Originally established to facilitate the processing of personnel security clearance actions, the SORN also documented clearances granted or denied and confirmed eligibility for access to classified information or assignment to sensitive positions. A separate notice rescinding Army SORN A0001 DAMI, \"Controlled Accountable Document Inventory System,\" is being published elsewhere in this issue of the Federal Register. This update incorporates the DoD standard routine uses and supports additional information sharing outside of the DoD. It also expands the authorities for maintaining the system, integrates records previously managed under the Controlled Accountable Document Inventory System, addresses records maintained across all general intelligence security disciplines, and expands on the purposes of such uses. Additionally, the update revises system locations and managers. These changes align the SORN with modernized automation systems and ensure compliance with applicable regulatory requirements.","document_number":"2026-01236","html_url":"https://www.federalregister.gov/documents/2026/01/23/2026-01236/privacy-act-of-1974-system-of-records","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-01-23/pdf/2026-01236.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-01236.pdf?1769089514","publication_date":"2026-01-23","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Department of the Army","name":"Army Department","id":32,"url":"https://www.federalregister.gov/agencies/army-department","json_url":"https://www.federalregister.gov/api/v1/agencies/32","parent_id":103,"slug":"army-department"}],"excerpts":"audit data, <span class=\"match\">information</span> about and evidence of <span class=\"match\">unauthorized</span> use or misuse of <span class=\"match\">information</span> technology systems, logs of printer, copier, and facsimile machine use, and <span class=\"match\">information</span> pertaining to the accountability, safeguarding, and disposition of <span class=\"match\">classified</span> and CUI material. \n N. U.S. and foreign finance and real estate <span class=\"match\">information</span>, including financial institutions names, account <span class=\"match\">information</span> and balances, real estate <span class=\"match\">information</span>, such as address, year of purchase and price, capital investment costs, lease or/rental <span class=\"match\">information</span>, asset <span class=\"match\">information</span> including"},{"title":"Privacy Act of 1974; Implementation","type":"Rule","abstract":"The Executive Office for Immigration Review (EOIR), a component within the United States Department of Justice (DOJ or Department), is finalizing without changes its Privacy Act exemption regulations for the system of records titled, Adjudication and Appeal Records of the Office of the Chief Immigration Judge and Board of Immigration Appeals, JUSTICE/EOIR-001, which were published as a Notice of Proposed Rulemaking (NPRM) on August 29, 2025. Specifically, the Department's regulations will exempt the records maintained in JUSTICE/ EOIR-001 from one or more provisions of the Privacy Act. The exemptions are necessary to protect properly classified information and law enforcement sensitive materials maintained in the system. The Department received one anonymous comment in support of this rulemaking in response to the NPRM.","document_number":"2026-02882","html_url":"https://www.federalregister.gov/documents/2026/02/13/2026-02882/privacy-act-of-1974-implementation","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-02-13/pdf/2026-02882.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-02882.pdf?1770903910","publication_date":"2026-02-13","agencies":[{"raw_name":"DEPARTMENT OF JUSTICE","name":"Justice Department","id":268,"url":"https://www.federalregister.gov/agencies/justice-department","json_url":"https://www.federalregister.gov/api/v1/agencies/268","parent_id":null,"slug":"justice-department"}],"excerpts":"Review's Records and Management <span class=\"match\">Information</span> System (JUSTICE/EOIR-001). \n This exemption applies only to the extent that records in the system are subject to exemption pursuant to 5 U.S.C. 552a(k)(1) and (2). \n (b) Exemption from the subsections set forth below is justified for the following reasons: \n \n (1) From subsection (d) because access to <span class=\"match\">information</span> which has been properly <span class=\"match\">classified</span> pursuant to an Executive Order could have an adverse effect on the national security. In addition, from subsection (d) because <span class=\"match\">unauthorized</span> access to certain investigatory"},{"title":"Privacy Act of 1974; Implementation","type":"Proposed Rule","abstract":"In the Notice section of today's Federal Register, the Executive Office for Immigration Review (EOIR), a component within the United States Department of Justice (DOJ or Department), has published a notice of a modified system of records, Adjudication and Appeal Records of the Office of the Chief Immigration Judge and Board of Immigration Appeals, JUSTICE/EOIR-001. This system of records has been exempted from the access and amendment provisions of the Privacy Act of 1974, U.S.C. 552a(d), pursuant to 5 U.S.C. 552a(k)(1), and (k)(2). See 28 CFR 16.83. In this notice of proposed rulemaking, EOIR proposes to update 28 CFR 16.83 consistent with the system of records' modifications to exempt this system of records from certain provisions of the Privacy Act to protect properly classified information and law enforcement sensitive materials maintained in the system. For the reasons provided below, the Department proposes to update its Privacy Act regulations exempting records in this system from certain provisions of the Privacy Act. Public comment is invited.","document_number":"2025-16648","html_url":"https://www.federalregister.gov/documents/2025/08/29/2025-16648/privacy-act-of-1974-implementation","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-08-29/pdf/2025-16648.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-16648.pdf?1756385127","publication_date":"2025-08-29","agencies":[{"raw_name":"DEPARTMENT OF JUSTICE","name":"Justice Department","id":268,"url":"https://www.federalregister.gov/agencies/justice-department","json_url":"https://www.federalregister.gov/api/v1/agencies/268","parent_id":null,"slug":"justice-department"}],"excerpts":"Department's public docket. Such <span class=\"match\">information</span> includes personally identifying <span class=\"match\">information</span> (such as your name, address, etc.) voluntarily submitted by the commenter. If you want to submit personal identifying <span class=\"match\">information</span> (such as your name, address, etc.) as part of your comment, but do not want it to be posted online or made available in the public docket, you must include the phrase “PERSONAL IDENTIFYING <span class=\"match\">INFORMATION</span>” in the first paragraph of your comment. You must also place all personal identifying <span class=\"match\">information</span> that you do not want posted online"},{"title":"Agency Information Collection Activities: Post-Contract Award Information","type":"Notice","abstract":"The Department of Homeland Security will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. DHS previously published this information collection request (ICR) in the Federal Register on September 9, 2024, for a 60-day public comment period. No comments were received by DHS. The purpose of this notice is to allow additional 30-days for public comments.","document_number":"2025-09580","html_url":"https://www.federalregister.gov/documents/2025/05/28/2025-09580/agency-information-collection-activities-post-contract-award-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-05-28/pdf/2025-09580.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-09580.pdf?1748349919","publication_date":"2025-05-28","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"}],"excerpts":"proposed collection of <span class=\"match\">information</span>, including the validity of the methodology and assumptions used; \n 3. Enhance the quality, utility, and clarity of the <span class=\"match\">information</span> to be collected; and \n \n 4. Minimize the burden of the collection of <span class=\"match\">information</span> on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of <span class=\"match\">information</span> technology, \n e.g., \n permitting electronic submissions of responses.\n \n \n \n \n SUPPLEMENTARY <span class=\"match\">INFORMATION</span>: \n \n The Department of"},{"title":"Protecting Our Communications Networks by Promoting Transparency Regarding Foreign Adversary Control","type":"Proposed Rule","abstract":"In this document, the Federal Communications Commission (Commission) proposes to protect the Nation's communications networks against foreign adversary threats by proposing to expand foreign ownership disclosure requirements for covered Commission-issued licenses and authorizations. The proposed certification and information collection requirements would fill gaps in the Commission's existing rules and give the Commission, and the public, a new and comprehensive view of threats from foreign adversaries in the communications sector. Specifically, the Commission proposes to apply new certification and disclosure requirements on entities holding every type of license, permit, or authorization, rather than only certain specific licenses, as the Commission currently does. Furthermore, the Commission proposes to go beyond foreign ownership to also cover all regulated entities controlled by or subject to the jurisdiction or direction of a foreign adversary.","document_number":"2025-11360","html_url":"https://www.federalregister.gov/documents/2025/06/20/2025-11360/protecting-our-communications-networks-by-promoting-transparency-regarding-foreign-adversary-control","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-06-20/pdf/2025-11360.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-11360.pdf?1750250720","publication_date":"2025-06-20","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"structured and what <span class=\"match\">information</span> should be required?\n \n We propose to make the certifications and <span class=\"match\">information</span> collected available to the public, and seek comment on our proposal. Should we publish all <span class=\"match\">information</span> or only a subset of the <span class=\"match\">information</span> collected? If we were to publish a subset, how should we determine what to publish? \n Should we require additional <span class=\"match\">information</span> from Regulatees with reportable Foreign Adversary Control? Is there additional <span class=\"match\">information</span> that could be useful in explaining direction or control? Should we seek <span class=\"match\">information</span> on the extent"},{"title":"Defense Federal Acquisition Regulation Supplement: Mitigating Risks Related to Foreign Ownership, Control, or Influence (DFARS Case 2021-D011)","type":"Proposed Rule","abstract":"DoD is proposing to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement sections of the National Defense Authorization Act for Fiscal Years 2020 and 2021 to mitigate risks related to beneficial ownership or foreign ownership, control, or influence. This proposed rule also implements elements of a DoD policy.","document_number":"2026-09067","html_url":"https://www.federalregister.gov/documents/2026/05/07/2026-09067/defense-federal-acquisition-regulation-supplement-mitigating-risks-related-to-foreign-ownership","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-05-07/pdf/2026-09067.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-09067.pdf?1778071527","publication_date":"2026-05-07","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Defense Acquisition Regulations System","name":"Defense Acquisition Regulations System","id":97,"url":"https://www.federalregister.gov/agencies/defense-acquisition-regulations-system","json_url":"https://www.federalregister.gov/api/v1/agencies/97","parent_id":103,"slug":"defense-acquisition-regulations-system"}],"excerpts":"contracts that do not involve access to <span class=\"match\">classified</span> <span class=\"match\">information</span>. Historically, this has been a significant vulnerability. Foreign adversaries have exploited this gap to gain access to sensitive, unclassified <span class=\"match\">information</span>, intellectual property, and critical technologies through various \n \n ownership, control, and influence avenues of foreign interest. By mandating the <span class=\"match\">disclosure</span> of FOCI and beneficial ownership, this rule proposes to close that gap, directly reducing the risk of <span class=\"match\">unauthorized</span> access to DoD <span class=\"match\">information</span> and mitigating the potential for theft"},{"title":"Proposed Information Collections; Comment Request (No. 94)","type":"Notice","abstract":"As part of our continuing effort to reduce paperwork and respondent burden, and as required by the Paperwork Reduction Act of 1995, we invite comments on the continuing or proposed information collections listed below in this document.","document_number":"2024-28008","html_url":"https://www.federalregister.gov/documents/2024/11/29/2024-28008/proposed-information-collections-comment-request-no-94","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-11-29/pdf/2024-28008.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-28008.pdf?1732715145","publication_date":"2024-11-29","agencies":[{"raw_name":"DEPARTMENT OF THE TREASURY","name":"Treasury Department","id":497,"url":"https://www.federalregister.gov/agencies/treasury-department","json_url":"https://www.federalregister.gov/api/v1/agencies/497","parent_id":null,"slug":"treasury-department"},{"raw_name":"Alcohol and Tobacco Tax and Trade Bureau","name":"Alcohol and Tobacco Tax and Trade Bureau","id":18,"url":"https://www.federalregister.gov/agencies/alcohol-and-tobacco-tax-and-trade-bureau","json_url":"https://www.federalregister.gov/api/v1/agencies/18","parent_id":497,"slug":"alcohol-and-tobacco-tax-and-trade-bureau"}],"excerpts":"including whether the <span class=\"match\">information</span> has practical utility; (b) the accuracy of the agency's estimate of the <span class=\"match\">information</span> collection's burden; (c) ways to enhance the quality, utility, and clarity of the <span class=\"match\">information</span> collected; (d) ways to minimize the <span class=\"match\">information</span> collection's burden on respondents, including through the use of automated collection techniques or other forms of <span class=\"match\">information</span> technology; and (e) estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide the requested <span class=\"match\">information</span>.\n \n An agency"},{"title":"Agency Information Collection Activities: Post-Contract Award Information; OMB Control No. 1600-0003","type":"Notice","abstract":"The Department of Homeland Security will submit the following Information Collection Request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995.","document_number":"2024-20270","html_url":"https://www.federalregister.gov/documents/2024/09/09/2024-20270/agency-information-collection-activities-post-contract-award-information-omb-control-no-1600-0003","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-09/pdf/2024-20270.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-20270.pdf?1725626743","publication_date":"2024-09-09","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"}],"excerpts":"to fairness regarding DEIA. Failure to collect a DEIA Plan would prohibit DHS from understanding the contractor's plan to recruit, train, and develop a diverse, high-performing workforce from underserved communities. <span class=\"match\">Disclosure</span>/non-<span class=\"match\">disclosure</span> of <span class=\"match\">information</span> is handled in accordance with the Freedom of <span class=\"match\">Information</span> Act, other <span class=\"match\">disclosure</span> statutes, and Federal and agency acquisition regulations. \n The burden estimates provided in response to Item 12 above are based upon definitive contract award data reported by DHS and its Components, as well as DHS"},{"title":"Modernizing Security Requirements","type":"Proposed Rule","abstract":"The U.S. Nuclear Regulatory Commission (NRC) is proposing to revise its regulations to modernize security and fitness-for-duty requirements to enhance efficiency, consistent with Executive Order 14300, \"Ordering the Reform of the Nuclear Regulatory Commission.\" The proposed revisions are intended to reduce regulatory burden, where appropriate, while continuing to provide reasonable assurance that safety and security will be adequately maintained at NRC-licensed facilities.","document_number":"2026-12989","html_url":"https://www.federalregister.gov/documents/2026/06/26/2026-12989/modernizing-security-requirements","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-26/pdf/2026-12989.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-12989.pdf?1782391523","publication_date":"2026-06-26","agencies":[{"raw_name":"NUCLEAR REGULATORY COMMISSION","name":"Nuclear Regulatory Commission","id":383,"url":"https://www.federalregister.gov/agencies/nuclear-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/383","parent_id":null,"slug":"nuclear-regulatory-commission"}],"excerpts":"regulation under which the licensee is reporting an event. \n \n (t) \n <span class=\"match\">Classified</span> <span class=\"match\">information</span>. \n \n (1) A licensee's notifications regarding security events associated with the deliberate <span class=\"match\">disclosure</span>, theft, loss, <span class=\"match\">compromise</span>, or possible <span class=\"match\">compromise</span> of <span class=\"match\">classified</span> documents, <span class=\"match\">information</span>, or material must comply with the requirements found in § 95.57 of this chapter. \n (2) A licensee notifying the NRC of an event involving both <span class=\"match\">information</span> security issues (regarding <span class=\"match\">classified</span> documents, <span class=\"match\">information</span>, or material) pursuant to § 95.57 of this chapter and physical"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"\n \n \n \n \n 4 \n  45 CFR 160.103 (definition of “Protected health <span class=\"match\">information</span>”).\n \n \n \n \n 5 \n  45 CFR 160.103 (definition of “Individually identifiable health <span class=\"match\">information</span>”).\n \n \n \n \n 6 \n  At times throughout this NPRM, the Department uses the terms “health <span class=\"match\">information</span>” or “individuals' health <span class=\"match\">information</span>” to refer generically to health <span class=\"match\">information</span> pertaining to an individual or individuals. In contrast, the Department's use of the term “IIHI” refers to a category of health <span class=\"match\">information</span> defined in HIPAA, and “PHI” is used to refer specifically to a category"},{"title":"Data Breach Reporting Requirements","type":"Rule","abstract":"In this document, the Federal Communications Commission (Commission) modifies the Commission's data breach notification rules to better ensure that providers of telecommunications, interconnected Voice over Internet Protocol (VoIP), and telecommunications relay services (TRS) are held accountable in their obligations to safeguard sensitive customer information, and to provide customers with the tools needed to protect themselves in the event that their data is compromised.","document_number":"2024-01667","html_url":"https://www.federalregister.gov/documents/2024/02/12/2024-01667/data-breach-reporting-requirements","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-02-12/pdf/2024-01667.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-01667.pdf?1707486318","publication_date":"2024-02-12","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"the conversations, and/or other layers of <span class=\"match\">information</span> is also disclosed. This contextual approach to gauging the sensitivity of customer <span class=\"match\">information</span> is consistent with the definition of PII the Commission adopts above with respect to its breach notification rules, which considers whether <span class=\"match\">information</span> is disclosed in combination with other <span class=\"match\">information</span> which inherently increases the risk associated with the <span class=\"match\">disclosure</span>. Additionally, harm is more likely if financial <span class=\"match\">information</span> or sensitive personal <span class=\"match\">information</span> was included in the breach. Commenters agree"},{"title":"Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure","type":"Rule","abstract":"The Securities and Exchange Commission (\"Commission\") is adopting new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. Specifically, we are adopting amendments to require current disclosure about material cybersecurity incidents. We are also adopting rules requiring periodic disclosures about a registrant's processes to assess, identify, and manage material cybersecurity risks, management's role in assessing and managing material cybersecurity risks, and the board of directors' oversight of cybersecurity risks. Lastly, the final rules require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language (\"Inline XBRL\").","document_number":"2023-16194","html_url":"https://www.federalregister.gov/documents/2023/08/04/2023-16194/cybersecurity-risk-management-strategy-governance-and-incident-disclosure","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-08-04/pdf/2023-16194.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-16194.pdf?1691070880","publication_date":"2023-08-04","agencies":[{"raw_name":"SECURITIES AND EXCHANGE COMMISSION","name":"Securities and Exchange Commission","id":466,"url":"https://www.federalregister.gov/agencies/securities-and-exchange-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/466","parent_id":null,"slug":"securities-and-exchange-commission"}],"excerpts":"cybersecurity risks appear to be providing such <span class=\"match\">disclosures</span> in the risk factor section of their annual reports on Form 10-K, the <span class=\"match\">disclosures</span> are sometimes included with other unrelated <span class=\"match\">disclosures</span>, which makes it more difficult for investors to locate, interpret, and analyze the <span class=\"match\">information</span> provided.\n 10 \n \n \n \n \n 10 \n  \n See infra \n Section IV.A (noting that current cybersecurity <span class=\"match\">disclosures</span> appear in varying sections of companies' periodic and current reports and are sometimes included with other unrelated <span class=\"match\">disclosures</span>).\n \n \n \n In the Proposing Release, the"},{"title":"National Industrial Security Program Operating Manual (NISPOM); Amendment","type":"Proposed Rule","abstract":"DoD is proposing amendments to the National Industrial Security Program Operating Manual (NISPOM) based on public comments received on a final rule published on December 21, 2020. The proposed amendments address implementation guidance and costs for the Security Executive Agent Directive (SEAD) 3, clarifications on procedures for the protection and reproduction of classified information, controlled unclassified information (CUI), National Interest Determination (NID) requirements for cleared contractors operating under a Special Security Agreement for Foreign Ownership, Control or Influence, and eligibility determinations for personnel security clearance processes and requirements.","document_number":"2023-27171","html_url":"https://www.federalregister.gov/documents/2023/12/13/2023-27171/national-industrial-security-program-operating-manual-nispom-amendment","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-12-13/pdf/2023-27171.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-27171.pdf?1702388715","publication_date":"2023-12-13","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"safeguarding. \n Contractors will be responsible for safeguarding <span class=\"match\">classified</span> <span class=\"match\">information</span> in their custody or under their control, with approval for such storage of <span class=\"match\">classified</span> <span class=\"match\">information</span> by the applicable CSA. Individuals are responsible for safeguarding <span class=\"match\">classified</span> <span class=\"match\">information</span> entrusted to them. Contractors will provide the extent of protection to <span class=\"match\">classified</span> <span class=\"match\">information</span> in accordance with the provisions of this rule.\n \n \n \n (2) \n Restricted areas. \n When it is necessary to control access to <span class=\"match\">classified</span> material and an open storage area is not available, a restricted"},{"title":"Federal Acquisition Regulation: Revolutionary Federal Acquisition Regulation Overhaul Parts 1, 2, 4, 33, 39, 40, and 53","type":"Proposed Rule","abstract":"OFPP, DoD, GSA, and NASA (collectively referred to as the Federal Acquisition Regulatory Council or FAR Council) are proposing to amend the Federal Acquisition Regulation (FAR) to implement Executive Order (E.O.) 14275, Restoring Common Sense to Federal Procurement. The E.O. directs the elimination of excessive acquisition regulations to stop the inefficient use of American taxpayer dollars. The FAR Council is issuing twelve proposed rules that collectively will streamline the FAR in its entirety. This rule proposes revisions to FAR parts 1, 2, 4, 33, 39, 40, 52, and 53.","document_number":"2026-12559","html_url":"https://www.federalregister.gov/documents/2026/06/23/2026-12559/federal-acquisition-regulation-revolutionary-federal-acquisition-regulation-overhaul-parts-1-2-4-33","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-23/pdf/2026-12559.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-12559.pdf?1782132314","publication_date":"2026-06-23","agencies":[{"raw_name":"OFFICE OF MANAGEMENT AND BUDGET","name":"Management and Budget Office","id":280,"url":"https://www.federalregister.gov/agencies/management-and-budget-office","json_url":"https://www.federalregister.gov/api/v1/agencies/280","parent_id":null,"slug":"management-and-budget-office"},{"raw_name":"Office of Federal Procurement Policy","name":"Federal Procurement Policy Office","id":184,"url":"https://www.federalregister.gov/agencies/federal-procurement-policy-office","json_url":"https://www.federalregister.gov/api/v1/agencies/184","parent_id":280,"slug":"federal-procurement-policy-office"},{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"GENERAL SERVICES ADMINISTRATION","name":"General Services Administration","id":210,"url":"https://www.federalregister.gov/agencies/general-services-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/210","parent_id":null,"slug":"general-services-administration"},{"raw_name":"NATIONAL AERONAUTICS AND SPACE ADMINISTRATION","name":"National Aeronautics and Space Administration","id":301,"url":"https://www.federalregister.gov/agencies/national-aeronautics-and-space-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/301","parent_id":null,"slug":"national-aeronautics-and-space-administration"}],"excerpts":"restrict the publication or <span class=\"match\">disclosure</span> regarding the details of any safeguards that are Federal contract <span class=\"match\">information</span> (see FAR 52.240-5, Covered Federal <span class=\"match\">Information</span>). Other controls exist that restrict <span class=\"match\">disclosure</span> of certain <span class=\"match\">information</span> and provide safeguards for Federal <span class=\"match\">information</span> systems (\n e.g., \n a system security plan is protected from <span class=\"match\">disclosure</span> under National Institute of Standards and Technology (NIST) control PM-1: <span class=\"match\">Information</span> Security Program Plan, and a supply chain risk management plan is protected from <span class=\"match\">disclosure</span> under NIST control SR-2:"},{"title":"Establishment of Independent Panel To Review Actions Relating to the Attempted Assassination of Former President Donald J. Trump","type":"Notice","abstract":"In order to facilitate an effective review of the security provided by the U.S. Secret Service to Former President Donald J. Trump on July 13, 2024, the Department of Homeland Security (Department or DHS) is creating an Independent Review Panel (Panel). Pursuant to the Homeland Security Act of 2002, the Department is taking immediate measures to establish this independent panel of experts to inquire into the planning for and actions taken by the U.S. Secret Service and state and local authorities, before, during, and after the July 13, 2024, attempted assassination of Former President Donald J. Trump at a campaign rally in Butler, Pennsylvania. The Panel will also review the governing policies and procedures and provide findings and recommendations to the Secretary of Homeland Security.","document_number":"2024-16290","html_url":"https://www.federalregister.gov/documents/2024/07/24/2024-16290/establishment-of-independent-panel-to-review-actions-relating-to-the-attempted-assassination-of","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-07-24/pdf/2024-16290.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-16290.pdf?1721652332","publication_date":"2024-07-24","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"}],"excerpts":"panel to discuss the sensitive and <span class=\"match\">classified</span> <span class=\"match\">information</span> surrounding the events of July 13, 2024, in an appropriate setting. The FACA contains several exceptions to its general <span class=\"match\">disclosure</span> rules, but the use of those exceptions is not sufficient to address the proper handling of <span class=\"match\">classified</span> material and the protection of law enforcement sensitive <span class=\"match\">information</span> in this unique context. The <span class=\"match\">information</span> that will be discussed and reviewed by this Panel will be deliberative in nature and will involve <span class=\"match\">classified</span> <span class=\"match\">information</span> that, if discussed in public, would"},{"title":"Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles","type":"Rule","abstract":"This final rule, published by the Department of Commerce's (Department) Bureau of Industry and Security (BIS), sets forth regulations and procedures to address undue or unacceptable risks to national security and U.S. persons posed by classes of transactions involving information and communications technology and services (ICTS) that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of certain foreign adversaries and that are integral to connected vehicles as defined herein.","document_number":"2025-00592","html_url":"https://www.federalregister.gov/documents/2025/01/16/2025-00592/securing-the-information-and-communications-technology-and-services-supply-chain-connected-vehicles","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-16/pdf/2025-00592.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00592.pdf?1736862326","publication_date":"2025-01-16","agencies":[{"raw_name":"DEPARTMENT OF COMMERCE","name":"Commerce Department","id":54,"url":"https://www.federalregister.gov/agencies/commerce-department","json_url":"https://www.federalregister.gov/api/v1/agencies/54","parent_id":null,"slug":"commerce-department"},{"raw_name":"Bureau of Industry and Security","name":"Industry and Security Bureau","id":241,"url":"https://www.federalregister.gov/agencies/industry-and-security-bureau","json_url":"https://www.federalregister.gov/api/v1/agencies/241","parent_id":54,"slug":"industry-and-security-bureau"}],"excerpts":"Conformity, particularly those containing <span class=\"match\">classified</span> or sensitive proprietary <span class=\"match\">information</span>. These controls could include encryption of submissions, limiting access to authorized personnel only, and ensuring that proprietary <span class=\"match\">information</span> is not unnecessarily shared during any public <span class=\"match\">disclosure</span> or regulatory review processes. One commenter also requested that BIS delete CBI provided in support of a submission after a period of time. \n BIS acknowledges commenters' concerns related to the submission of sensitive <span class=\"match\">information</span> in the Declarations of Conformity."},{"title":"Department of Energy Acquisition Regulation (DEAR)","type":"Rule","abstract":"The Department of Energy (DOE or the Department) is publishing a final rule comprehensively revising its Acquisition Regulation in order to update and streamline the policies, procedures, provisions and clauses that are applicable to the Department's contracts. This rulemaking updates or eliminates coverage that is obsolete or that unnecessarily duplicates the Federal Acquisition Regulation (FAR) and retains only that coverage which either implements or supplements the FAR for the award and administration of the DOE's contracts. The rule adds several new clauses and amends several existing clauses in order to promote more uniform application of the DOE's contract award and administration policies.","document_number":"2024-23817","html_url":"https://www.federalregister.gov/documents/2024/11/13/2024-23817/department-of-energy-acquisition-regulation-dear","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-11-13/pdf/2024-23817.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-23817.pdf?1731419115","publication_date":"2024-11-13","agencies":[{"raw_name":"DEPARTMENT OF ENERGY","name":"Energy Department","id":136,"url":"https://www.federalregister.gov/agencies/energy-department","json_url":"https://www.federalregister.gov/api/v1/agencies/136","parent_id":null,"slug":"energy-department"}],"excerpts":"12968, Access to <span class=\"match\">Classified</span> <span class=\"match\">Information</span>, dated August 2, 1995; or 10 CFR part 710.\n \n \n \n <span class=\"match\">Classified</span> <span class=\"match\">information</span> \n or \n <span class=\"match\">Classified</span> National Security <span class=\"match\">Information</span> \n mean <span class=\"match\">information</span> officially determined to be Restricted Data, Formerly Restricted Data, or Transclassified Foreign Nuclear <span class=\"match\">Information</span> under the Atomic Energy Act of 1954, as amended, or <span class=\"match\">information</span> determined to require protection under Executive Order 13526, <span class=\"match\">Classified</span> National Security <span class=\"match\">Information</span>, dated December 29, 2009.\n \n \n Counterintelligence \n means <span class=\"match\">information</span> gathered and activities"},{"title":"Standards for Safeguarding Customer Information","type":"Rule","abstract":"The Federal Trade Commission (\"FTC\" or \"Commission\") is issuing a final rule (\"Final Rule\") to amend the Standards for Safeguarding Customer Information (\"Safeguards Rule\" or \"Rule\") to require financial institutions to report to the Commission any notification event where unencrypted customer information involving 500 or more consumers is acquired without authorization.","document_number":"2023-24412","html_url":"https://www.federalregister.gov/documents/2023/11/13/2023-24412/standards-for-safeguarding-customer-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-11-13/pdf/2023-24412.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-24412.pdf?1699537522","publication_date":"2023-11-13","agencies":[{"raw_name":"FEDERAL TRADE COMMISSION","name":"Federal Trade Commission","id":192,"url":"https://www.federalregister.gov/agencies/federal-trade-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/192","parent_id":null,"slug":"federal-trade-commission"}],"excerpts":"means acquisition of unencrypted customer <span class=\"match\">information</span> without the authorization of the individual to which the <span class=\"match\">information</span> pertains. Customer <span class=\"match\">information</span> is considered unencrypted for this purpose if the encryption key was accessed by an <span class=\"match\">unauthorized</span> person. <span class=\"match\">Unauthorized</span> acquisition will be presumed to include <span class=\"match\">unauthorized</span> access to unencrypted customer <span class=\"match\">information</span> unless you have reliable evidence showing that there has not been, or could not reasonably have been, <span class=\"match\">unauthorized</span> acquisition of such <span class=\"match\">information</span>.\n \n \n \n \n \n 3. In § 314.4, revise the introductory"},{"title":"Transparency in Coverage","type":"Proposed Rule","abstract":"These proposed rules set forth proposed requirements that would amend the regulations under the Public Health Service Act, the Employee Retirement Income Security Act of 1974, and the Internal Revenue Code regarding price transparency reporting requirements for non-grandfathered group health plans and health insurance issuers offering non-grandfathered group and individual health insurance coverage. Specifically, these proposed rules would improve the standardization, accuracy, and accessibility of public pricing disclosures in line with the goals of the Executive Order 14221. With respect to the in-network rate and out-of-network allowed amount machine-readable files, these proposed rules would achieve these goals by adding new contextual files and additional data elements like product type, network name, and enrollment counts; changing the reporting level for aggregation of data; removing in-network rates for unlikely provider-to-service mappings; increasing the reporting period and lowering the claims threshold for out-of-network historical data; and reducing the reporting cadence. These proposed rules would also improve the findability of all of the publicly disclosed machine- readable files required under the Transparency in Coverage rules, including the prescription drug file, by requiring a text file and footer with website URLs and contact information for the files. These proposed rules would also require pricing information that is made available through an online consumer tool and paper (upon request), to also be made available by phone, and establish that the satisfaction of such requirement also satisfies the requirements of section 114 of the No Surprises Act (including for grandfathered group health plans and health insurance issuers offering grandfathered group and individual health insurance coverage that are not otherwise subject to these proposed rules).","document_number":"2025-23693","html_url":"https://www.federalregister.gov/documents/2025/12/23/2025-23693/transparency-in-coverage","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-12-23/pdf/2025-23693.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-23693.pdf?1766178909","publication_date":"2025-12-23","agencies":[{"raw_name":"DEPARTMENT OF THE TREASURY","name":"Treasury Department","id":497,"url":"https://www.federalregister.gov/agencies/treasury-department","json_url":"https://www.federalregister.gov/api/v1/agencies/497","parent_id":null,"slug":"treasury-department"},{"raw_name":"Internal Revenue Service","name":"Internal Revenue Service","id":254,"url":"https://www.federalregister.gov/agencies/internal-revenue-service","json_url":"https://www.federalregister.gov/api/v1/agencies/254","parent_id":497,"slug":"internal-revenue-service"},{"raw_name":"DEPARTMENT OF LABOR","name":"Labor Department","id":271,"url":"https://www.federalregister.gov/agencies/labor-department","json_url":"https://www.federalregister.gov/api/v1/agencies/271","parent_id":null,"slug":"labor-department"},{"raw_name":"Employee Benefits Security Administration","name":"Employee Benefits Security Administration","id":131,"url":"https://www.federalregister.gov/agencies/employee-benefits-security-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/131","parent_id":271,"slug":"employee-benefits-security-administration"},{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"}],"excerpts":"Departments propose a number of amendments that would apply to the <span class=\"match\">disclosure</span> of <span class=\"match\">information</span> required under paragraphs (b)(1) and (b)(2). First, the Departments propose to amend the introductory paragraph of (b) to reference new requirements for the public <span class=\"match\">disclosure</span> of contextual <span class=\"match\">information</span> and to redesignate paragraphs (b)(2) through (b)(3) as paragraphs (b)(3) through (b)(4), respectively, and add a new paragraph (b)(2) describing the proposed contextual <span class=\"match\">information</span> <span class=\"match\">disclosure</span> requirements for the In-network Rate File. The Departments also propose"}]}