Industry and other cyber policy players are closely watching as House lawmakers move to advance an incident reporting requirement for critical infrastructure operators by amendment to the annual National Defense Authorization Act, while Senate Homeland Security Chairman Gary Peters (D-MI) is emphasizing that legislation must include mandatory reporting of ransomware payments.
Phil Reitinger, who led cybersecurity efforts at DHS during the Obama administration, is raising cautionary notes about a proposal to set a five-year term for the Director of CISA, which could be added to the national defense policy bill headed to the House floor.
The Defense Department is not planning to release the final rule cementing the implementation of its Cybersecurity Maturity Model Certification program in September, due to an ongoing internal review expected to conclude toward the end of 2021.
House Homeland Security leaders have submitted their bipartisan cyber incident reporting legislation as a proposed amendment to the annual defense policy bill, among a handful of key cybersecurity proposals offered for inclusion in the fiscal 2022 National Defense Authorization Act headed to the House floor next week.
Officials from three federal agencies discussed their approaches to establishing product labeling programs for the energy sector and other consumer protection efforts at a NIST workshop on cybersecurity labeling, providing a wide range of considerations for how NIST can make its pilot programs most impactful.
Leaders from the House Small Business oversight subcommittee are working to get an amendment into the fiscal 2022 National Defense Authorization Act that would direct the Pentagon to assess the small business impacts of DOD’s CMMC program.