The landscape of cybersecurity law and regulations is ever-changing, often marked by a tangible increase in intensity. In the United States, the tributary of change has come through federal agencies taking the initiative, fostering an environment where traditional laxity no longer holds sway. One good example of this is the recent move by the Federal Acquisition Regulatory Council (FARC), as last month they proposed new cybersecurity and incident reporting strategies for federal contractors. This decision potentially has significant implications, particularly in the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA). Whether this indicates a wider trend of evolving requirements on a national scale remains to be seen.
What is interesting in the grand scheme of things here is that the proposed changes could render cyber incident reporting as being classified as “material” for federal contractors. This introduces a new layer of responsibility and an enhanced need for vigilance.
The intricacies of how these changes would significantly affect the overarching landscape remain to be seen, and legal scholars are eagerly anticipating the resulting implications. However, regardless of perspective, the move by FARC shows that cybersecurity is no longer a sideline in federal acquisitions – it is now taking more of a front seat. The entities affected by this proposed change would do well to take notice; failure to adapt could bring about unprecedented risks.
For more information on this development, read the original report from Bass, Berry & Sims LLC.