VA Tightens Contractor Rules for Info System Security Breaches
Published Date: 3/19/2026
Notice
Summary
The Department of Veterans Affairs is updating rules for contractors who handle VA information and computer systems to keep everything safe and secure. Contractors must report any security problems or data breaches and tell VA when employees lose access. Comments on these changes are open until April 20, 2026, with no new costs expected.
Analyzed Economic Effects
2 provisions identified: 0 benefits, 2 costs, 0 mixed.
Contractors Must Report Security Incidents
If your company is a VA contractor with access to VA information or VA information systems, you must report any known or suspected security or privacy incident or data breach related to VA information or systems. The information collection (OMB Control No. 2900-0900) covers an estimated 8,223 respondents with an estimated annual burden of 4,069 hours and an average burden of 30 minutes per respondent, frequency less than quarterly.
Notify VA When Staff Lose System Access
VA contractors who have access to VA information systems must notify VA when a contractor employee is reassigned or terminated and no longer needs access to a VA information system. The collection is part of OMB Control No. 2900-0900 and the agency estimates 8,223 respondents, an annual burden of 4,069 hours total, and an average burden of 30 minutes per respondent.
Your PRIA Score
Personalized for You
How does this regulation affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Key Dates
Department and Agencies
Related Federal Register Documents
2025-21242 — Extending Deadline for Debtor To Request a Waiver
The VA is giving veterans more time—up to one year instead of 180 days—to ask for a waiver on debts related to benefits. This change, effective January 26, 2026, helps reduce stress by giving veterans extra breathing room to handle their debt issues. It doesn’t cost veterans extra money but makes the process friendlier and fairer.
2025-18827 — Extension of Program of Comprehensive Assistance for Family Caregivers Eligibility for Legacy Participants and Legacy Applicants
The VA is giving family caregivers of veterans more time to stay in their special support program by extending the deadline from 2025 to 2028. This means caregivers and veterans who joined the program earlier (the legacy group) can keep getting help for three more years. No changes to money or benefits, just extra time to enjoy the support they deserve!
2025-14687 — Reproductive Health Services
The VA is planning to stop covering abortions and abortion counseling again, reversing a 2022 change. This affects veterans and their families who use VA and CHAMPVA health benefits. The change aims to focus VA services on what they consider essential care, with no new costs or timing details shared yet.
2026-06004 — Notice of Exception to Date of Receipt Rule
Because of a big Canadian postal strike from November 15 to December 17, 2024, mail to and from Canada was seriously delayed. To help veterans and claimants in Canada, the VA is making a temporary rule change so late mail won’t hurt their benefits or claims. This exception started after mail service fully resumed on January 6, 2025, making sure no one loses out because of the strike delays.
2026-05982 — Agency Information Collection Activity Under OMB Review: Application for High-Technology Veterans Education, Training and Skills (VET TEC 2.0) Program
The VA is rolling out a new application for the VET TEC 2.0 program, helping veterans get training in cool tech jobs outside traditional college paths. Veterans under 62 with at least 3 years of service can apply, and the program runs through September 2027. Comments on the application process are open until April 27, 2026, so now’s the time to weigh in!
2026-05740 — Agency Information Collection Activity: Department of Veterans Affairs Acquisition Regulation (VAAR)-Information Security and Privacy Contract Clauses
The Department of Veterans Affairs is updating rules to keep veterans' information safe when contractors work with their computer systems. These changes affect companies that provide IT services or develop and host VA information systems. Comments on these updates are open until April 24, 2026, and the goal is to make sure everyone handles data securely without adding extra costs.
Previous / Next Documents
Previous: 2026-05397 — Agency Information Collection Activities; Extension of Previously Approved eCollection eComments Requested; Certification of Compliance With the Statutory Eligibility Requirements of the Violence Against Women Act as Amended, STOP Formula Grant Program
The Department of Justice is asking to keep collecting info from groups getting STOP grants to show they follow the Violence Against Women Act rules. This helps make sure funds are used right and keeps the process smooth with electronic forms. Comments on this plan are open until April 20, 2026, so affected groups have a chance to weigh in without extra costs or delays.
Next: 2026-05402 — Advisory Committee on the Medical Uses of Isotopes: Call for Nominations
The U.S. Nuclear Regulatory Commission is looking for a new Agreement State Representative to join the Advisory Committee on the Medical Uses of Isotopes. If you work in a state radiation control program, you can apply by May 18, 2026, to help shape important medical safety rules. This role is all about making sure medical uses of radioactive materials stay safe and effective.
Take It Personal
Get Your Personalized Policy View
Start a Free Government Policy Watch to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in