David DiMolfetta reports:
Cybersecurity and technology trade groups are urging agencies to rethink a proposed measure that would intensify requirements for federal contractors when they report cybersecurity incidents, arguing they are inconsistent with other cyber regulations and demand too much from contracted firms targeted in cyberattacks.
The proposed rule from the Pentagon, GSA and NASA — the agency trio that jointly issues policy measures tied to the Federal Acquisition Regulation — would, among other things, require contractors to develop a Software Bill of Materials — or SBOM — for all software used when performing contracting tasks, as well as notify the Department of Homeland Security of a security incident within eight hours of its discovery.
Read more at NextGov.