{"description":"Documents matching 'vulnerabilities risks threats convey real-time'","count":476,"total_pages":24,"next_page_url":"https://www.federalregister.gov/api/v1/documents?conditions%5Bterm%5D=vulnerabilities+risks+threats+convey+real-time&format=json&page=2","results":[{"title":"Protecting the Nation's Communications Systems From Cybersecurity Threats","type":"Notice","abstract":"In this document, the Federal Communications Commission (\"Commission\" or \"FCC\") announces that it has reconsidered and rescinded a prior Declaratory Ruling and Notice of Proposed Rulemaking, neither of which had been published in the Federal Register. The Declaratory Ruling misconstrued the Communications Assistance for Law Enforcement Act (CALEA), and the Notice of Proposed Rulemaking was based in part on the Declaratory Ruling's flawed legal analysis and proposed ineffective cybersecurity requirements. This Order follows the FCC's engagement with providers to help strengthen their cybersecurity posture.","document_number":"2025-22830","html_url":"https://www.federalregister.gov/documents/2025/12/15/2025-22830/protecting-the-nations-communications-systems-from-cybersecurity-threats","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-12-15/pdf/2025-22830.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-22830.pdf?1765547125","publication_date":"2025-12-15","agencies":[{"raw_name":"FEDERAL COMMUNICATIONS COMMISSION","name":"Federal Communications Commission","id":161,"url":"https://www.federalregister.gov/agencies/federal-communications-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/161","parent_id":null,"slug":"federal-communications-commission"}],"excerpts":"protect the security of our nation's communications networks and infrastructure from potential security <span class=\"match\">threats</span>. \n A. Recent Commission Action To Protect the Nation's Communications Systems \n The Commission has taken a series of recent actions to harden communications networks and improve their security posture. The Commission works closely with federal partner agencies and carriers to identify <span class=\"match\">vulnerabilities</span>, <span class=\"match\">risks</span>, and <span class=\"match\">threats</span>, and <span class=\"match\">convey</span> <span class=\"match\">real-time</span> guidance to protect networks from foreign adversaries, like the PRC. In March 2025, the Commission established"},{"title":"Licensing Requirements for Microreactors and Other Reactors With Comparable Risk Profiles","type":"Proposed Rule","abstract":"The U.S. Nuclear Regulatory Commission (NRC) is proposing to amend its regulations to establish a risk-informed and performance- based regulatory framework for rapid licensing of new microreactors and other reactors with comparable risk profiles and for high-volume deployment of these reactors. The proposed rule would provide a flexible set of licensing pathways, reduce regulatory burden, and ensure that safety and security requirements remain commensurate with the potential hazards posed by these facilities.","document_number":"2026-08550","html_url":"https://www.federalregister.gov/documents/2026/05/01/2026-08550/licensing-requirements-for-microreactors-and-other-reactors-with-comparable-risk-profiles","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-05-01/pdf/2026-08550.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-08550.pdf?1777553125","publication_date":"2026-05-01","agencies":[{"raw_name":"NUCLEAR REGULATORY COMMISSION","name":"Nuclear Regulatory Commission","id":383,"url":"https://www.federalregister.gov/agencies/nuclear-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/383","parent_id":null,"slug":"nuclear-regulatory-commission"}],"excerpts":"allow the use of a previously endorsed or approved <span class=\"match\">risk</span> methodology or other <span class=\"match\">risk</span>-informed approach in lieu of meeting specific prescriptive requirements in 10 CFR part 71 if a fueled reactor would be used as the transportation package. The NRC endorsed a limited use of a <span class=\"match\">risk</span>-informed methodology for accident conditions specifically for a transportable microreactor (SECY-24-0062, “<span class=\"match\">Risk</span>-Informed Methodology for a Future Transportable TRISO-Based Micro-Reactor Package Application”). This endorsed <span class=\"match\">risk</span> methodology is an example of one approach developed"},{"title":"Counter-UAS Authority for State, Local, Tribal, and Territorial Law Enforcement and Correctional Agencies","type":"Rule","abstract":"In this interim final rule (\"IFR\"), the Department of Justice (\"DOJ\") and the Department of Homeland Security (\"DHS\") (collectively, \"the Departments\") codify the framework for implementing the SAFER SKIES Act, which authorizes State, local, Tribal, and territorial law enforcement or correctional (\"SLTT\") agencies to conduct counter-unmanned aircraft system (\"C-UAS\") operations. This framework governs training and certification (including a two-tiered structure for detection and warning operations and for mitigation operations), authorized technologies, spectrum coordination, airspace approval, real-time air traffic control notification, mitigation reporting, privacy protections, and compliance requirements for SLTT agencies in relation to the exercise of C-UAS authority.","document_number":"2026-13609","html_url":"https://www.federalregister.gov/documents/2026/07/06/2026-13609/counter-uas-authority-for-state-local-tribal-and-territorial-law-enforcement-and-correctional","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-07-06/pdf/2026-13609.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-13609.pdf?1782936911","publication_date":"2026-07-06","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"DEPARTMENT OF JUSTICE","name":"Justice Department","id":268,"url":"https://www.federalregister.gov/agencies/justice-department","json_url":"https://www.federalregister.gov/api/v1/agencies/268","parent_id":null,"slug":"justice-department"}],"excerpts":"mitigation action that creates a greater <span class=\"match\">risk</span> to public safety than the <span class=\"match\">threat</span> it is intended to address is not proportionate and must not be taken. Where a non-mitigation measure is sufficient to eliminate the <span class=\"match\">threat</span>, seizure or destruction of the aircraft should be avoided when feasible. The <span class=\"match\">risk</span> of collateral harm to public safety includes the <span class=\"match\">risk</span> of falling debris, damage to persons or property on the ground, disruption to communications systems, and <span class=\"match\">risks</span> to aviation safety, civilian aviation and aerospace operations, aircraft airworthiness, or"},{"title":"Risk-Informed, Technology-Inclusive Regulatory Framework for Advanced Reactors","type":"Rule","abstract":"The U.S. Nuclear Regulatory Commission (NRC) is amending its regulations by adding a risk-informed, performance-based, and technology-inclusive regulatory framework for commercial nuclear plants in response to the Nuclear Energy Innovation and Modernization Act (NEIMA). The current application and licensing requirements were primarily developed to address license requests concerning light water- cooled reactors and operational requirements for those types of reactors. This final rule responds to NEIMA by creating an alternative, technology-inclusive regulatory framework to accommodate licensing of future commercial nuclear plants, including advanced reactor designs that may not employ light-water technology.","document_number":"2026-06048","html_url":"https://www.federalregister.gov/documents/2026/03/30/2026-06048/risk-informed-technology-inclusive-regulatory-framework-for-advanced-reactors","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-03-30/pdf/2026-06048.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-06048.pdf?1774615514","publication_date":"2026-03-30","agencies":[{"raw_name":"NUCLEAR REGULATORY COMMISSION","name":"Nuclear Regulatory Commission","id":383,"url":"https://www.federalregister.gov/agencies/nuclear-regulatory-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/383","parent_id":null,"slug":"nuclear-regulatory-commission"}],"excerpts":"comprehensive <span class=\"match\">risk</span> metric or set of metrics and associated <span class=\"match\">risk</span> performance objectives against which calculated values of the <span class=\"match\">risk</span> metrics are compared. The comprehensive <span class=\"match\">risk</span> metrics or set of metrics and associated <span class=\"match\">risk</span> performance objectives support a performance-based approach to developing an appropriate combination of design features and programmatic controls to prevent or mitigate LBEs other than DBAs. The applicant must propose the comprehensive <span class=\"match\">risk</span> metric or set of metrics and associated <span class=\"match\">risk</span> performance objectives, and the comprehensive <span class=\"match\">risk</span> metric"},{"title":"Cybersecurity in the Marine Transportation System","type":"Rule","abstract":"The Coast Guard is updating its maritime security regulations by establishing minimum cybersecurity requirements for U.S.-flagged vessels, Outer Continental Shelf facilities, and facilities subject to the Maritime Transportation Security Act of 2002 regulations. This final rule addresses current and emerging cybersecurity threats in the marine transportation system by adding minimum cybersecurity requirements to help detect risks and respond to and recover from cybersecurity incidents. These include requirements to develop and maintain a Cybersecurity Plan, designate a Cybersecurity Officer, and take various measures to maintain cybersecurity within the marine transportation system. The Coast Guard is also seeking comments on a potential delay for the implementation periods for U.S.-flagged vessels.","document_number":"2025-00708","html_url":"https://www.federalregister.gov/documents/2025/01/17/2025-00708/cybersecurity-in-the-marine-transportation-system","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-17/pdf/2025-00708.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00708.pdf?1736802922","publication_date":"2025-01-17","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"},{"raw_name":"Coast Guard","name":"Coast Guard","id":53,"url":"https://www.federalregister.gov/agencies/coast-guard","json_url":"https://www.federalregister.gov/api/v1/agencies/53","parent_id":227,"slug":"coast-guard"}],"excerpts":"Definition for “Cybersecurity <span class=\"match\">Threat</span>” \n One commenter recommended adding the definition of “cybersecurity <span class=\"match\">threats</span>” to 33 CFR parts 104 and 105. \n The Coast Guard does not agree to add the definition of “cybersecurity <span class=\"match\">threat</span>” because it is already encompassed by the defined term “cyber <span class=\"match\">threat</span>” the Coast Guard uses in this final rule. Cyber <span class=\"match\">threat</span> is the term used in CIRCIA, which amended the Homeland Security Act of 2002 (Pub. L. 107-296). CIRCIA defined cyber <span class=\"match\">threat</span> by cross-referencing to the term cybersecurity <span class=\"match\">threat</span> as it was already defined in"},{"title":"Request for Information on “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software”","type":"Notice","abstract":"CISA requests input from all interested parties on the white paper \"Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.\"","document_number":"2023-27948","html_url":"https://www.federalregister.gov/documents/2023/12/20/2023-27948/request-for-information-on-shifting-the-balance-of-cybersecurity-risk-principles-and-approaches-for","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-12-20/pdf/2023-27948.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-27948.pdf?1702993535","publication_date":"2023-12-20","agencies":[{"raw_name":"DEPARTMENT OF HOMELAND SECURITY","name":"Homeland Security Department","id":227,"url":"https://www.federalregister.gov/agencies/homeland-security-department","json_url":"https://www.federalregister.gov/api/v1/agencies/227","parent_id":null,"slug":"homeland-security-department"}],"excerpts":"with <span class=\"match\">vulnerabilities</span> discovered in-house compared to the costs associated with <span class=\"match\">vulnerabilities</span> found after customers have deployed the product? \n \n iv. How do software manufacturers determine how to remediate <span class=\"match\">vulnerabilities</span>, \n e.g., \n whether to patch specific instances of a <span class=\"match\">vulnerability</span> versus making other changes to remove the class of <span class=\"match\">vulnerabilities</span>? Does the size of the company (small versus large) make a difference for these choices? Are there particular cost structures that warrant investments in removing the class of <span class=\"match\">vulnerabilities</span> rather"},{"title":"Securing the Information and Communications Technology and Services Supply Chain: Connected Vehicles","type":"Rule","abstract":"This final rule, published by the Department of Commerce's (Department) Bureau of Industry and Security (BIS), sets forth regulations and procedures to address undue or unacceptable risks to national security and U.S. persons posed by classes of transactions involving information and communications technology and services (ICTS) that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of certain foreign adversaries and that are integral to connected vehicles as defined herein.","document_number":"2025-00592","html_url":"https://www.federalregister.gov/documents/2025/01/16/2025-00592/securing-the-information-and-communications-technology-and-services-supply-chain-connected-vehicles","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-16/pdf/2025-00592.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-00592.pdf?1736862326","publication_date":"2025-01-16","agencies":[{"raw_name":"DEPARTMENT OF COMMERCE","name":"Commerce Department","id":54,"url":"https://www.federalregister.gov/agencies/commerce-department","json_url":"https://www.federalregister.gov/api/v1/agencies/54","parent_id":null,"slug":"commerce-department"},{"raw_name":"Bureau of Industry and Security","name":"Industry and Security Bureau","id":241,"url":"https://www.federalregister.gov/agencies/industry-and-security-bureau","json_url":"https://www.federalregister.gov/api/v1/agencies/241","parent_id":54,"slug":"industry-and-security-bureau"}],"excerpts":"characterized the <span class=\"match\">threats</span> as hypothetical in nature, underscoring that PRC and Russian companies are incentivized to avoid exploiting <span class=\"match\">vulnerabilities</span> in connected vehicles in order to avoid conflict. BIS recognizes that many of the <span class=\"match\">risks</span> laid out in the NPRM and final rule are forward-looking, and this rulemaking is an attempt to proactively address these <span class=\"match\">risks</span> before PRC and Russian actors are able to leverage them to harm U.S. national security. Moreover, while BIS agrees that action by the PRC or Russia to leverage <span class=\"match\">vulnerabilities</span> in VCS or ADS could"},{"title":"HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information","type":"Proposed Rule","abstract":"The Department of Health and Human Services (HHS or \"Department\") is issuing this notice of proposed rulemaking (NPRM) to solicit comment on its proposal to modify the Security Standards for the Protection of Electronic Protected Health Information (\"Security Rule\") under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act). The proposed modifications would revise existing standards to better protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). The proposals in this NPRM would increase the cybersecurity for ePHI by revising the Security Rule to address: changes in the environment in which health care is provided; significant increases in breaches and cyberattacks; common deficiencies the Office for Civil Rights has observed in investigations into Security Rule compliance by covered entities and their business associates (collectively, \"regulated entities\"); other cybersecurity guidelines, best practices, methodologies, procedures, and processes; and court decisions that affect enforcement of the Security Rule.","document_number":"2024-30983","html_url":"https://www.federalregister.gov/documents/2025/01/06/2024-30983/hipaa-security-rule-to-strengthen-the-cybersecurity-of-electronic-protected-health-information","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-01-06/pdf/2024-30983.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-30983.pdf?1735334119","publication_date":"2025-01-06","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"standard for <span class=\"match\">risk</span> analysis.\n \n \n • Identify reasonably anticipated <span class=\"match\">threats</span>. The list of <span class=\"match\">threat</span> events and <span class=\"match\">threat</span> sources should include reasonably anticipated and probable human and natural incidents that can negatively affect the regulated entity's ability to protect ePHI. The information gathered for the technology asset inventory should be used to identify reasonably anticipated <span class=\"match\">threats</span> to ePHI. \n \n • Identify potential <span class=\"match\">vulnerabilities</span> and predisposing conditions. For any of the various <span class=\"match\">threats</span> identified above to result in a significant <span class=\"match\">risk</span>, each"},{"title":"Financial Market Utilities","type":"Rule","abstract":"The Board of Governors of the Federal Reserve System (Board) is publishing a final rule amending the requirements relating to operational risk management in the Board's Regulation HH, which applies to certain financial market utilities (FMUs) that have been designated as systemically important (designated FMUs) by the Financial Stability Oversight Council (FSOC) under Title VIII of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act or Act). The amendments update, refine, and add specificity to the operational risk management requirements in Regulation HH to reflect changes in the operational risk, technology, and regulatory landscape in which designated FMUs operate. The final rule also adopts specific incident- notification requirements.","document_number":"2024-05322","html_url":"https://www.federalregister.gov/documents/2024/03/15/2024-05322/financial-market-utilities","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-03-15/pdf/2024-05322.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-05322.pdf?1710420317","publication_date":"2024-03-15","agencies":[{"raw_name":"FEDERAL RESERVE SYSTEM","name":"Federal Reserve System","id":188,"url":"https://www.federalregister.gov/agencies/federal-reserve-system","json_url":"https://www.federalregister.gov/api/v1/agencies/188","parent_id":null,"slug":"federal-reserve-system"}],"excerpts":"terms. NIST defines “remediation” as “the act of mitigating a <span class=\"match\">vulnerability</span> or a <span class=\"match\">threat</span>,” and “mitigation” as “a decision, action, or practice intended to reduce the level of <span class=\"match\">risk</span> associated with one or more <span class=\"match\">threat</span> events, <span class=\"match\">threat</span> scenarios, or <span class=\"match\">vulnerabilities</span>.” These definitions can be found at \n https://csrc.nist.gov/glossary/term/remediation \n and \n https://csrc.nist.gov/glossary/term/mitigation, \n respectively.\n \n \n \n The Board expects that a designated FMU will conduct an internal <span class=\"match\">risk</span> analysis of all deficiencies identified in review and testing"},{"title":"Suitability and Fitness","type":"Rule","abstract":"The Office of Personnel Management (OPM) is amending the Federal Government personnel vetting adjudicative processes for determining suitability and taking suitability actions. The final rule will improve the efficiency, rigor, and timeliness by which OPM and agencies vet individuals for risk to the integrity and efficiency of the service and make clear that individuals who engage in serious misconduct while employed in Federal service are subject to the same suitability procedures and actions as applicants for employment. It also ensures that suitability determinations and actions are applied consistently with Merit System Principles.","document_number":"2026-13154","html_url":"https://www.federalregister.gov/documents/2026/06/30/2026-13154/suitability-and-fitness","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-30/pdf/2026-13154.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-13154.pdf?1782737115","publication_date":"2026-06-30","agencies":[{"raw_name":"OFFICE OF PERSONNEL MANAGEMENT","name":"Personnel Management Office","id":406,"url":"https://www.federalregister.gov/agencies/personnel-management-office","json_url":"https://www.federalregister.gov/api/v1/agencies/406","parent_id":null,"slug":"personnel-management-office"}],"excerpts":"against <span class=\"match\">risk</span> posed by trusted insiders. For example, the same section of the FY 2015 NDAA that excluded suitability actions from the scope of Chapter 75 also directed action to develop strategies and capabilities to enable <span class=\"match\">real-time</span>, <span class=\"match\">risk</span>-managed personnel vetting decisions, increase access to criminal history information when determining \n \n an individual's suitability or fitness for employment, and improve insider <span class=\"match\">threat</span> detection and prevention. In passing this amendment, Congress meant to improve the Government's ability to mitigate <span class=\"match\">risk</span> by clarifying"},{"title":"Cybersecurity Maturity Model Certification (CMMC) Program","type":"Rule","abstract":"With this final rule, DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance. This rule will be updated as needed, using the appropriate rulemaking process, to address evolving cybersecurity standards, requirements, threats, and other relevant changes.","document_number":"2024-22905","html_url":"https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-22905.pdf?1728650732","publication_date":"2024-10-15","agencies":[{"raw_name":"DEPARTMENT OF DEFENSE","name":"Defense Department","id":103,"url":"https://www.federalregister.gov/agencies/defense-department","json_url":"https://www.federalregister.gov/api/v1/agencies/103","parent_id":null,"slug":"defense-department"},{"raw_name":"Office of the Secretary"}],"excerpts":"appropriate <span class=\"match\">risk</span> management levels. The RMF also promotes near <span class=\"match\">real-time</span> <span class=\"match\">risk</span> management and ongoing information system and common control authorization through the implementation of continuous monitoring processes; provides senior leaders and executives with the necessary information to make efficient, cost-effective, <span class=\"match\">risk</span> management decisions about the systems supporting their missions and business functions; and incorporates security and privacy into the system development life cycle. Executing the RMF tasks links essential <span class=\"match\">risk</span> management processes"},{"title":"Medicare Program; Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals (IPPS) and the Long-Term Care Hospital Prospective Payment System and Policy Changes and Fiscal Year (FY) 2026 Rates; Changes to the FY 2025 IPPS Rates Due to Court Decision; Requirements for Quality Programs; and Other Policy Changes; Health Data, Technology, and Interoperability: Electronic Prescribing, Real-Time Prescription Benefit and Electronic Prior Authorization","type":"Rule","abstract":"This final rule revises the Medicare hospital inpatient prospective payment systems (IPPS) for operating and capital-related costs of acute care hospitals; makes changes relating to Medicare graduate medical education (GME) for teaching hospitals; updates the payment policies and the annual payment rates for the Medicare prospective payment system (PPS) for inpatient hospital services provided by long-term care hospitals (LTCHs); updates and makes changes to requirements for certain quality programs; and makes other policy- related changes. We are also finalizing the provisions of the interim final action with comment period regarding the changes to the FY 2025 IPPS rates due to the court decision in Bridgeport Hosp. v. Becerra. Lastly, it finalizes certain updates to the ONC Health Information Technology (IT) Certification Program.","document_number":"2025-14681","html_url":"https://www.federalregister.gov/documents/2025/08/04/2025-14681/medicare-program-hospital-inpatient-prospective-payment-systems-for-acute-care-hospitals-ipps-and","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2025-08-04/pdf/2025-14681.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2025-14681.pdf?1753992911","publication_date":"2025-08-04","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"},{"raw_name":"Office of the Secretary"}],"excerpts":"differentiation between hospitals serving complex and socially <span class=\"match\">vulnerable</span> patient populations.\n \n \n Response: \n We thank commenters for their support.\n \n \n Comment: \n A commenter expressed concern that removing key clinical <span class=\"match\">risk</span> adjustment covariates from the Excess Readmission Ratio (ERR) calculation would unfairly penalize hospitals that serve complex and <span class=\"match\">vulnerable</span> populations. The commenter recommended retaining the current clinical <span class=\"match\">risk</span> adjustment until Z-codes and comprehensive social <span class=\"match\">risk</span> data are available to avoid unwarranted penalties. A commenter"},{"title":"Taking and Importing Marine Mammals; Taking Marine Mammals Incidental to Geophysical Surveys in the Gulf of America","type":"Rule","abstract":"In accordance with the regulations implementing the Marine Mammal Protection Act (MMPA), as amended, notification is hereby given that NMFS promulgates regulations to govern the incidental taking of marine mammals during geophysical survey activity conducted in the Gulf of America (GOA), over the course of 5 years. These regulations, which allow for the issuance of Letters of Authorization (LOA) to survey operators for the incidental take of marine mammals during the described activities and specified timeframe, prescribe the permissible methods of taking and other means of effecting the least practicable adverse impact on marine mammal species or stocks and their habitat, as well as requirements pertaining to the monitoring and reporting of such taking.","document_number":"2026-07536","html_url":"https://www.federalregister.gov/documents/2026/04/17/2026-07536/taking-and-importing-marine-mammals-taking-marine-mammals-incidental-to-geophysical-surveys-in-the","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-04-17/pdf/2026-07536.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-07536.pdf?1776343517","publication_date":"2026-04-17","agencies":[{"raw_name":"DEPARTMENT OF COMMERCE","name":"Commerce Department","id":54,"url":"https://www.federalregister.gov/agencies/commerce-department","json_url":"https://www.federalregister.gov/api/v1/agencies/54","parent_id":null,"slug":"commerce-department"},{"raw_name":"National Oceanic and Atmospheric Administration","name":"National Oceanic and Atmospheric Administration","id":361,"url":"https://www.federalregister.gov/agencies/national-oceanic-and-atmospheric-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/361","parent_id":54,"slug":"national-oceanic-and-atmospheric-administration"}],"excerpts":"BILLING CODE 3510-22-P \n \n ER17AP26.040 \n \n <span class=\"match\">Risk</span> Assessment Framework: <span class=\"match\">Risk</span> Ratings \n \n In the final step of the framework, severity and <span class=\"match\">vulnerability</span> ratings are integrated to provide relative impact ratings of overall <span class=\"match\">risk</span>, \n i.e., \n relative <span class=\"match\">risk</span> ratings. Severity and <span class=\"match\">vulnerability</span> assessments each produce a numerical rating (1-5) corresponding with the qualitative rating (\n i.e., \n very low, low, moderate, high, very high). A matrix is then used to integrate these two scores to provide an overall <span class=\"match\">risk</span> assessment rating for each species. The matrix"},{"title":"Interagency Guidance on Third-Party Relationships: Risk Management","type":"Notice","abstract":"The Board, FDIC, and OCC (collectively, the agencies) are issuing final guidance on managing risks associated with third-party relationships. The final guidance offers the agencies' views on sound risk management principles for banking organizations when developing and implementing risk management practices for all stages in the life cycle of third-party relationships. The final guidance states that sound third-party risk management takes into account the level of risk, complexity, and size of the banking organization and the nature of the third-party relationship. The agencies are issuing this joint guidance to promote consistency in supervisory approaches; it replaces each agency's existing general guidance on this topic and is directed to all banking organizations supervised by the agencies.","document_number":"2023-12340","html_url":"https://www.federalregister.gov/documents/2023/06/09/2023-12340/interagency-guidance-on-third-party-relationships-risk-management","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2023-06-09/pdf/2023-12340.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2023-12340.pdf?1686228325","publication_date":"2023-06-09","agencies":[{"raw_name":"FEDERAL RESERVE SYSTEM","name":"Federal Reserve System","id":188,"url":"https://www.federalregister.gov/agencies/federal-reserve-system","json_url":"https://www.federalregister.gov/api/v1/agencies/188","parent_id":null,"slug":"federal-reserve-system"},{"raw_name":"FEDERAL DEPOSIT INSURANCE CORPORATION","name":"Federal Deposit Insurance Corporation","id":164,"url":"https://www.federalregister.gov/agencies/federal-deposit-insurance-corporation","json_url":"https://www.federalregister.gov/api/v1/agencies/164","parent_id":null,"slug":"federal-deposit-insurance-corporation"},{"raw_name":"DEPARTMENT OF THE TREASURY","name":"Treasury Department","id":497,"url":"https://www.federalregister.gov/agencies/treasury-department","json_url":"https://www.federalregister.gov/api/v1/agencies/497","parent_id":null,"slug":"treasury-department"},{"raw_name":"Office of the Comptroller of the Currency","name":"Comptroller of the Currency","id":80,"url":"https://www.federalregister.gov/agencies/comptroller-of-the-currency","json_url":"https://www.federalregister.gov/api/v1/agencies/80","parent_id":497,"slug":"comptroller-of-the-currency"}],"excerpts":"third-party <span class=\"match\">risk</span> management processes based on <span class=\"match\">risk</span>. The guidance notes that not all third-party relationships present the same level or type of <span class=\"match\">risk</span> and therefore not all relationships require the same extent of oversight or <span class=\"match\">risk</span> management. It also states that as part of sound <span class=\"match\">risk</span> management, it is the responsibility of each banking organization to analyze the <span class=\"match\">risks</span> associated with each third-party relationship and to calibrate its <span class=\"match\">risk</span> management processes, commensurate with the banking organization's size, complexity, and <span class=\"match\">risk</span> profile and with"},{"title":"Prediction Markets; Public Interest Determinations","type":"Proposed Rule","abstract":"The Commodity Futures Trading Commission (Commission or CFTC) is proposing amendments to its rules concerning event contract derivatives. The markets for these event contracts are commonly referred to as \"prediction markets.\" In particular, the Commission is proposing amendments to further specify the types of event contracts that may be subject to a determination that they are contrary to the public interest, such that they may not be listed for trading or accepted for clearing on or through a CFTC-registered entity, as provided in the Commodity Exchange Act (CEA). The proposed amendments set out factors the Commission would apply in that determination and conform the process by which the determination would be made to the CEA. The Commission also is proposing amendments to the procedure for the Commission's determination to enhance clarity and organization, as well as a definition of the term \"gaming\" and a rule regarding when event contracts \"involve\" an underlying activity.","document_number":"2026-11854","html_url":"https://www.federalregister.gov/documents/2026/06/12/2026-11854/prediction-markets-public-interest-determinations","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-06-12/pdf/2026-11854.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-11854.pdf?1781181917","publication_date":"2026-06-12","agencies":[{"raw_name":"COMMODITY FUTURES TRADING COMMISSION","name":"Commodity Futures Trading Commission","id":77,"url":"https://www.federalregister.gov/agencies/commodity-futures-trading-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/77","parent_id":null,"slug":"commodity-futures-trading-commission"}],"excerpts":"(d) Sound <span class=\"match\">Risk</span> Management Practices \n The Commission views “sound <span class=\"match\">risk</span> management practices” as the operational controls that prediction markets use to ensure event contract trading, clearing, and settlement are conducted securely and transparently. Prediction markets have grown rapidly with fully collateralized designs that limit immediate clearing <span class=\"match\">risk</span>, but ongoing expansion underscores the need for clear contract settlement, anti-manipulation measures, and insider-<span class=\"match\">risk</span> controls. \n Objective and auditable settlement terms reduce <span class=\"match\">risk</span>, prevent disputes"},{"title":"Medicare Program; Alternative Payment Model Updates and the Increasing Organ Transplant Access (IOTA) Model","type":"Rule","abstract":"This final rule describes a new mandatory alternative payment model, the Increasing Organ Transplant Access Model (IOTA Model), that will test whether performance-based upside risk payments or downside risk payments paid to or owed by participating kidney transplant hospitals increase access to kidney transplants for patients with end- stage renal disease (ESRD) while preserving or enhancing the quality of care and reducing Medicare expenditures. This final rule also adopts standard provisions that will apply to the Radiation Oncology Model, the End-Stage Renal Disease (ESRD) Treatment Choices Model, and mandatory Innovation Center models, including the IOTA Model, whose first performance period begins on or after January 1, 2025. The finalized standard provisions relate to beneficiary protections; cooperation in model evaluation and monitoring; audits and records retention; rights in data and intellectual property; monitoring and compliance; remedial action; model termination by CMS; limitations on review; miscellaneous provisions on bankruptcy and other notifications; and the reconsideration review process.","document_number":"2024-27841","html_url":"https://www.federalregister.gov/documents/2024/12/04/2024-27841/medicare-program-alternative-payment-model-updates-and-the-increasing-organ-transplant-access-iota","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-12-04/pdf/2024-27841.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-27841.pdf?1732655723","publication_date":"2024-12-04","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"}],"excerpts":"will determine whether the IOTA participant will be eligible to receive an upside <span class=\"match\">risk</span> payment from CMS, fall into the neutral zone where no upside or downside <span class=\"match\">risk</span> payment would apply, or owe a downside <span class=\"match\">risk</span> payment to CMS for the PY as described in section III.C.6 of this final rule. \n d. Performance-Based Upside <span class=\"match\">Risk</span> Payment and Downside <span class=\"match\">Risk</span> Payment Formula \n Each IOTA participant's final performance score will determine whether: (1) CMS will pay an upside <span class=\"match\">risk</span> payment to the IOTA participant; (2) the IOTA participant will fall into a neutral"},{"title":"Patient Protection and Affordable Care Act, HHS Notice of Benefit and Payment Parameters for 2027; and Basic Health Program","type":"Proposed Rule","abstract":"This proposed rule contains provisions to improve implementation of the Patient Protection and Affordable Care Act, including payment parameters and provisions related to the HHS-operated risk adjustment and risk adjustment data validation (HHS-RADV) programs, as well as 2027 user fee rates for issuers offering qualified health plans (QHPs) through Federally-facilitated Exchanges (FFEs) and State-based Exchanges on the Federal platform (SBE-FPs). This proposed rule also includes provisions related to civil money penalties (CMPs) for noncompliant issuers and other responsible entities; standards governing agents, brokers, and web-brokers; the expansion and codification of hardship exemption eligibility; implementation of the State Exchange Improper Payment Measurement (SEIPM); provider access standards and essential community provider standards for QHP certification; QHP certification of non-network plans; a prohibition on issuers from including routine non-pediatric dental services as an Essential Health Benefit (EHB); cost-sharing flexibilities for catastrophic and individual market bronze plans; establishment of catastrophic plans with plan terms of up to 10 consecutive years; QHP issuer quality improvement strategies (QISs); revisions affecting which enrollees are included in Federal Basic Health Program (BHP) payment calculations to States; and seeks comment on potential adjustments to other Federal standards, including the Federal medical loss ratio (MLR) standard in the individual market. This proposed rule also includes amendments to implement certain provisions of the Working Families Tax Cut (WFTC) legislation.","document_number":"2026-02769","html_url":"https://www.federalregister.gov/documents/2026/02/11/2026-02769/patient-protection-and-affordable-care-act-hhs-notice-of-benefit-and-payment-parameters-for-2027-and","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-02-11/pdf/2026-02769.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-02769.pdf?1770671709","publication_date":"2026-02-11","agencies":[{"raw_name":"DEPARTMENT OF HEALTH AND HUMAN SERVICES","name":"Health and Human Services Department","id":221,"url":"https://www.federalregister.gov/agencies/health-and-human-services-department","json_url":"https://www.federalregister.gov/api/v1/agencies/221","parent_id":null,"slug":"health-and-human-services-department"},{"raw_name":"Centers for Medicare & Medicaid Services","name":"Centers for Medicare & Medicaid Services","id":45,"url":"https://www.federalregister.gov/agencies/centers-for-medicare-medicaid-services","json_url":"https://www.federalregister.gov/api/v1/agencies/45","parent_id":221,"slug":"centers-for-medicare-medicaid-services"},{"raw_name":"Office of the Secretary"}],"excerpts":"\n B. Part 153—Standards Related to Reinsurance, <span class=\"match\">Risk</span> Corridors, and <span class=\"match\">Risk</span> Adjustment \n \n In subparts A, B, D, G, and H of part 153, we established standards for the administration of the <span class=\"match\">risk</span> adjustment program. The <span class=\"match\">risk</span> adjustment program is a permanent program created by section 1343 of the Affordable Care Act that transfers funds from issuers of <span class=\"match\">risk</span> adjustment covered plans that have lower-than-average <span class=\"match\">risk</span> enrollees to issuers of <span class=\"match\">risk</span> adjustment covered plans that have higher-than-average <span class=\"match\">risk</span> enrollees, which includes issuers with plans in"},{"title":"Taking and Importing Marine Mammals; Taking Marine Mammals Incidental to Geophysical Surveys in the Gulf of America","type":"Proposed Rule","abstract":"NMFS has received a request for the reimplementation of incidental take regulations (ITR) governing the incidental taking of marine mammals during geophysical survey activity conducted in the Gulf of America (GOA). Pursuant to the Marine Mammal Protection Act (MMPA), NMFS is requesting comments on its proposed rule and will consider public comments relevant to this proposed rule prior to issuing any final rule.","document_number":"2026-03691","html_url":"https://www.federalregister.gov/documents/2026/02/24/2026-03691/taking-and-importing-marine-mammals-taking-marine-mammals-incidental-to-geophysical-surveys-in-the","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2026-02-24/pdf/2026-03691.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2026-03691.pdf?1771622109","publication_date":"2026-02-24","agencies":[{"raw_name":"DEPARTMENT OF COMMERCE","name":"Commerce Department","id":54,"url":"https://www.federalregister.gov/agencies/commerce-department","json_url":"https://www.federalregister.gov/api/v1/agencies/54","parent_id":null,"slug":"commerce-department"},{"raw_name":"National Oceanic and Atmospheric Administration","name":"National Oceanic and Atmospheric Administration","id":361,"url":"https://www.federalregister.gov/agencies/national-oceanic-and-atmospheric-administration","json_url":"https://www.federalregister.gov/api/v1/agencies/361","parent_id":54,"slug":"national-oceanic-and-atmospheric-administration"}],"excerpts":"masking and chronic anthropogenic noise <span class=\"match\">risk</span> factors. Note that, as there are certain species-specific elements of the <span class=\"match\">vulnerability</span> assessment, we evaluated each of the four species contained within the blackfish group. For purposes of evaluating relative <span class=\"match\">risk</span>, we assume that the greatest <span class=\"match\">vulnerability</span> (assessed for melon-headed whale) applies to each species in the blackfish group.\n \n \n EP24FE26.025 \n \n <span class=\"match\">Risk</span> Assessment Framework: <span class=\"match\">Risk</span> Ratings \n \n In the final step of the framework, severity and <span class=\"match\">vulnerability</span> ratings are integrated to provide relative"},{"title":"Self-Regulatory Organizations; Fixed Income Clearing Corporation; Notice of Filing and Extension of Review Period of Advance Notice To Host Certain Core Clearance and Settlement Systems in a Public Cloud","type":"Notice","abstract":null,"document_number":"2024-19762","html_url":"https://www.federalregister.gov/documents/2024/09/04/2024-19762/self-regulatory-organizations-fixed-income-clearing-corporation-notice-of-filing-and-extension-of","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-04/pdf/2024-19762.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-19762.pdf?1725367520","publication_date":"2024-09-04","agencies":[{"raw_name":"SECURITIES AND EXCHANGE COMMISSION","name":"Securities and Exchange Commission","id":466,"url":"https://www.federalregister.gov/agencies/securities-and-exchange-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/466","parent_id":null,"slug":"securities-and-exchange-commission"}],"excerpts":"efficiency, reduce costs, mitigate <span class=\"match\">risks</span>, and maintain a cohesive environment for seamless collaboration and operation.\n \n \n \n 11 \n  Some of the non-Core C&amp;S Systems already operating in Cloud include systems that support <span class=\"match\">risk</span> analysis, various reporting engines, and shared infrastructure capabilities. More specifically, for <span class=\"match\">risk</span> analysis, there are applications for certain <span class=\"match\">risk</span> testing and calculations used to assess industry <span class=\"match\">risk</span> postures for various Clearing Agency clients, as well as warehousing large sets of <span class=\"match\">risk</span> data for quantitative analytics"},{"title":"Self-Regulatory Organizations; National Securities Clearing Corporation; Notice of Filing and Extension of Review Period of Advance Notice To Host Certain Core Clearance and Settlement Systems in a Public Cloud","type":"Notice","abstract":null,"document_number":"2024-19761","html_url":"https://www.federalregister.gov/documents/2024/09/04/2024-19761/self-regulatory-organizations-national-securities-clearing-corporation-notice-of-filing-and","pdf_url":"https://www.govinfo.gov/content/pkg/FR-2024-09-04/pdf/2024-19761.pdf","public_inspection_pdf_url":"https://public-inspection.federalregister.gov/2024-19761.pdf?1725367520","publication_date":"2024-09-04","agencies":[{"raw_name":"SECURITIES AND EXCHANGE COMMISSION","name":"Securities and Exchange Commission","id":466,"url":"https://www.federalregister.gov/agencies/securities-and-exchange-commission","json_url":"https://www.federalregister.gov/api/v1/agencies/466","parent_id":null,"slug":"securities-and-exchange-commission"}],"excerpts":"efficiency, reduce costs, mitigate <span class=\"match\">risks</span>, and maintain a cohesive environment for seamless collaboration and operation.\n \n \n \n 11 \n  Some of the non-Core C&amp;S Systems already operating in Cloud include systems that support <span class=\"match\">risk</span> analysis, various reporting engines, and shared infrastructure capabilities. More specifically, for <span class=\"match\">risk</span> analysis, there are applications for certain <span class=\"match\">risk</span> testing and calculations used to assess industry <span class=\"match\">risk</span> postures for various Clearing Agency clients, as well as warehousing large sets of <span class=\"match\">risk</span> data for quantitative analytics"}]}