Despite the potentially sweeping impact of the proposed FAR CUI Rule (Proposed Rule), less than 30 comments have been filed to date during the comment period, which ends March 17, 2025.
Continue Reading Proposed FAR CUI Rulemaking Nears Comment Deadline
On Jan. 15, 2025, the Department of Defense (DoD), General Services Administration, and NASA, all members of the FAR Council, published a proposed FAR CUI Rule under Title 48 of the CFR. This proposed rule amends the Federal Acquisition Regulation (FAR) to implement the third and final piece of the National Archives and Records Administration’s
On April 4, 2024, CISA published its long-awaited Notice of Proposed Rulemaking to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). If passed in their current form, the Rules would create extensive reporting obligations for an estimated 316,244 covered entities across 16 critical infrastructure sectors.
As part of a larger spending bill signed by President Biden on March 15, 2022, Congress passed the Cyber Incident Reporting for Critical Infrastructure Act (CIRA) to increase funding for the federal Cybersecurity and Critical Infrastructure Agency (CISA). CIRA requires companies considered to be in a “critical infrastructure” sector to notify CISA within 72 hours