Rep. Jim Langevin (D-Rhode Island) has reintroduced a bill that would standardize industry efforts to notify victims of cyber attacks.

A press release posted Monday on Langevin’s website said the Personal Data Notification and Protection Act would give companies 30 days to notify affected individuals following the discovery of a breach of sensitive personal information.

The legislation would also direct the Federal Trade Commission to support breach notification activities, which must be done through mail, telephone or e-mail.

Langevin revived the bill after credit reporting company Equifax confirmed earlier this month that a breach of its systems exposed sensitive information of 143 million consumers.

The lawmaker noted that the proposed legislation is designed to replace 48 state breach notification laws with a nationwide standard as well as strengthen companies’ obligations to disclose cyber attacks that could affect consumers.

Patrick Shanahan, deputy secretary at the Defense Department, has said DoD will form a new steering group that will work to develop and oversee the implementation of a strategy to advance the adoption of commercial cloud platforms and services, FCW reported Wednesday.

Shanahan wrote in a Sept. 13 memo that Ellen Lord, defense undersecretary for acquisition, technology and logistics, will chair the new cloud executive steering group that will report directly to his office.

“While technological modernization has many dimensions, I believe accelerating the DoD’s adoption of cloud computing technologies is critical to maintaining our military’s technological advantage,” he wrote.

DoD will execute its cloud adoption effort in two phases in which a tailored procurement process will be adopted in the first phase to acquire an enterprise-based cloud services platform designed to support top-secret, secret and classified data, Shanahan noted.

Under the second phase, CESG will help DoD agencies transition to the acquired cloud platform.

The steering group will report to Shanahan’s office progress on several actions such as cloud migration efforts, contract award for the initial phase, establishment of funding for the initiative’s second phase and project management plan.

Shanahan also asked CESG to submit a report on DoD’s action plan for the cloud adoption initiative by Nov. 15.

The General Services Administration has revised a special item number on its Professional Services Schedule in an effort to meet the rising demand for identity protection services and changing requirements of federal agency customers.

GSA’s office of professional services and human capital categories renamed SIN 520-20 on PSS as Data Breach Response and Identity Protection Services in an effort to provide agencies flexibility to tailor services based on their specific requirements, the agency said Wednesday.

SIN 520-20 currently covers credit monitoring services, risk mitigation and assessment services, data breach analysis and independent risk analysis.

Under the redefined SIN, ordering agencies could gain access to services related to identity notification and monitoring of personally identifiable information and protected health information; protection of the confidentiality of PHI and PII; identity restoration support; and identity theft insurance.

GSA plans to include the rebranded SIN 520-20 in its next solicitation refresh that is expected to be released by the middle of October.

The agency will also transition from current blanket purchase agreements to the redefined SIN as the ordering mechanism for identity protection services once it secures a large pool of vendors to facilitate competition.

Securities and Exchange Commission Chairman Jay Clayton issued a statement Wednesday saying the agency found in August that a previously identified cyber incident “may have provided the basis for illicit gain through trading,” MeriTalk reported Thursday.

Clayton refers to a 2016 breach of the test filing component of SEC’s Electronic Data Gathering, Analysis and Retrieval system designed to help the agency collect and track disclosure documents from issuers and other registrants.

He said the breach involved a software vulnerability in the EDGAR system’s test filing function that was used by hackers to gain access to nonpublic data.

“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the commission, or result in systemic risk,” Clayton wrote in his public statement.

He noted that SEC continues to investigate the cyber incident and coordinate with authorities.

Clayton said he launched in May an evaluation of SEC’s internal cyber risk profile and approach to cybersecurity across five areas.

These areas include the commission’s data collection and use, internal cyber risk management, incorporation of cyber considerations into the agency’s risk-based supervision of entities; enforcement of federal security laws; and coordination with other government agencies.