The global tech trade association Information Technology Industry Council has recommended that government contractors be given a 72-hour reporting window and a significance threshold on cybersecurity incidents involving controlled unclassified information, or CUI. Policymakers should adopt consistent requirements and strategic assessments on the government’s CUI guardrails, ITI said Monday.
The reporting timeframe is one of ITI’s suggestions following a Federal Register announcement on a request for public comments on proposed amendments to the Federal Acquisition Regulation on contractor compliance obligations in safeguarding CUI. The Department of Defense, NASA and the General Services Administration initiated the public comments solicitation.
Consistency Measures in CUI Management
ITI’s other recommendations on the FAR amendments include aligning certification processes across all federal agencies to ensure consistent CUI management and establishing reasonable cutoff levels for contractor liability risk.
The trade group also suggested in its 10-page comments that the FAR should centralize reporting for shared services to prevent overclassification. In addition, it recommended standardizing CUI management training to prevent inconsistencies between agencies.
Actionable Reports Needed
Leopold Wildenauer, ITI director of cybersecurity and supply chain policy, described the current cyber incident reporting policies as “fragmented and duplicative” and noted that policymakers need to focus on aligning them across federal agencies.
“By granting contractors a 72-hour reporting window and establishing a significance threshold, the government can ensure that incident reports are both actionable and meaningful,” Wildenauer stressed.
To support the development of cybersecurity incident reporting policies, ITI has formulated and released two templates: Policy Principles for Security Incident Reporting in the U.S. and Global Policy Principles for Cybersecurity Incident Reporting.