Last month, the Federal Acquisition Regulatory Council proposed new cybersecurity and incident reporting regulations for federal contractors on behalf of the Department of Defense (DoD), the General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA). The proposed regulations include data incident reporting requirements the government explicitly designated as material to government contractors – meaning a failure to follow the reporting requirements could be grounds for False Claims Act liability.
