Streamlining Federal Cybersecurity Regulations Act of 2025

Streamlining Federal Cybersecurity Regulations Act of 2025

This bill establishes an interagency committee to review and align cybersecurity regulations and requirements imposed by executive agencies.

The committee, to be led and administered by the Office of the National Cyber Director, must include the heads of each executive agency with statutory authority to enforce mandatory cybersecurity requirements. Agencies must generally consult with the committee before promulgating or amending cybersecurity requirements.

The committee must develop a regulatory framework for the harmonization of agencies’ cybersecurity requirements. Under the bill, harmonization means the alignment of cybersecurity requirements to consist of a common set of minimum requirements that are applicable across sectors and sector-specific requirements as necessary. Specifically, the framework must contain processes for (1) establishing a reciprocal compliance mechanism for minimum requirements applicable to entities regulated by more than one agency; and (2) identifying and developing recommendations to address cybersecurity requirements that are overly burdensome, inconsistent, or contradictory. In developing this framework, the committee must seek public comment and consult with industry experts and stakeholders.

Once the framework is developed and published, the committee must select agencies to carry out a pilot program to apply the framework to a sampling of their cybersecurity requirements.

In consultation with the committee, the Office of Management and Budget must issue guidance to federal agencies on coordinating with the committee and, after the pilot program is complete, on ensuring cybersecurity requirements are consistent with the framework and lessons learned from the pilot program.