Governance, Risk and Compliance

Comment period for new cybersecurity requirements extended

The Office of National Cyber Director has given the cybersecurity community more time to provide comments on new cybersecurity requirements after moving the deadline of its request for information on streamlining proposed cybersecurity regulations across all U.S. economy sectors to Oct. 31 from Sept. 15, reports FedScoop. With the extension, the ONCD "seeks input from stakeholders to understand existing challenges with regulatory overlap, and explore a framework for reciprocity in regulator acceptance of other regulators' recognition of compliance with baseline requirements," said the agency in an updated note in the Federal Register. Such harmonization of baseline cybersecurity requirements across different industries comes after the Biden administration unveiled its national cybersecurity strategy which sought more cyber regulation through minimum critical infrastructure security standards and the transfer of computer system security burdens from customers to software vendors, representing a change of pace from the White House's prior emphasis on information sharing efforts.

Related

New CISA incident reporting draft rule deemed excessive

Despite being crucial in bolstering cyber awareness, the Cybersecurity and Infrastructure Security Agency's cyber incident reporting draft rule — which would mandate critical infrastructure entities to make cyber incident and ransomware disclosures within a 72- and 24-hour period, respectively — has been regarded by trade groups and lawmakers to increase burdens not only on smaller organizations but also CISA itself, CyberScoop reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.