Network Security

OMB attempts to define ‘major cyber incident’ again

The Office of Management and Budget (OMB) attempted once again to define what constitutes as a major cybersecurity incident in the 2017 Federal Information Security Modernization Act (FISMA) guidance.

The agency defines a major incident as “is any incident that is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people,” according to the Nov. 4 modification.

Major incidents were also defined as an unauthorized modification of, deletion, exfiltration or access to the information of 100,000 or more individuals' that would impact national security, public safety, public health or civil liberties.

The modification to the definition also differs from the previous one in that it doesn't reference “medium or high functional impact” to the agency nor does it mention the recovery of data in a specific amount of time.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.