The rules were unveiled in a draft update to the Federal Acquisition Regulation (FAR) that refreshes security reporting standards for government contractors in line with President Biden's 2021 executive order on the topic.
Contractors would have just eight hours to report a detected incident to the Cybersecurity and Infrastructure Security Agency (CISA), which would have to be updated every 72 hours thereafter; A software bill of materials (SBOM) would need to be maintained; After an incident, contractors would provide 'full access' to IT systems and personnel for CISA and federal law enforcement agencies.
#us-procurement-rules #it-service-providers #security-incident #federal-acquisition-regulation #cybersecurity
[
add
]
[
|
|
...
]