View Rule

The Office of the National Cyber Director (ONCD) invites public comments on opportunities for and obstacles to harmonizing cybersecurity regulations. Strategic Objective 1.1 of the National Cybersecurity Strategy [1] recognizes that while voluntary approaches to critical infrastructure cybersecurity have produced meaningful improvements, the lack of mandatory requirements has resulted in inadequate and inconsistent outcomes.  The Strategy calls for establishing cybersecurity regulations to secure critical infrastructure where existing measures are insufficient, harmonizing and streamlining new and existing regulations, and enabling regulated entities to afford to achieve security. ONCD, in coordination with the Office of Management and Budget (OMB), has been tasked with leading  the Administration’s efforts on cybersecurity regulatory harmonization. [2]  We will work with independent and executive branch regulators to identify opportunities to harmonize baseline cybersecurity requirements for critical infrastructure. [3]  ONCD seeks input from stakeholders to understand existing challenges with regulatory overlap, and explore a framework for reciprocity (the recognition or acceptance by one regulatory agency of another agency’s assessment, determination, finding, or conclusion with respect to the extent of a regulated entity’s compliance with certain cybersecurity requirements) in regulator acceptance of other regulators’ recognition of compliance with baseline requirements.