As the federal government seeks to procure more artificial intelligence (“AI”), machine learning (“ML”), synthetic content and other emerging technologies in the coming years, government contractors must be prepared to comply...more
So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
To dramatically scale up the Federal Risk and Authorization Management Program (FedRAMP) marketplace, the Office of Management and Budget (OMB) has completely rewritten FedRAMP’s vision, scope and governance...more
It’s been a hot summer so far, but the Federal Risk and Authorization Management Program (“FedRAMP”) is just starting to heat up. In June, FedRAMP (the Federal government’s program for security authorizations for cloud solutions) released...more
In our recent article, we discussed FedRAMP’s Roadmap to the Future, outlining FedRAMP’s ambitious plan to breathe new life into the FedRAMP program by, among other goals, updating the authorization process and automating key...more
On January 26, 2024, the Federal Risk and Authorization Management Program (“FedRAMP”) published a draft Emerging Technology Prioritization Framework developed in response to President Biden’s Executive Order 14110 on Safe,...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
On December 21, 2023, the Department of Defense (DoD) issued a memorandum (Memo) providing guidance and clarification on the security and cyber incident management requirements applicable for the use of external Cloud Service...more
As many Department of Defense (“DoD”) contractors know, if they want to store, process, or transmit covered defense information (“CDI”) with a cloud service provider (“CSP”), then the CSP must meet the security requirements...more
On October 27, 2023, the Office of Management and Budget (“OMB”) released a draft memorandum for public comment regarding Modernizing the Federal Risk and Authorization Management Program (“FedRAMP”) (the “Draft Memo”). The...more
Automation in the compliance arena is becoming increasingly ubiquitous. Yet many of the most significant innovations for automation are not found in the anti-bribery/anti-corruption space but in adjacent spaces. That message...more
The Federal Risk and Authorization Management Program (FedRAMP) Program Management Office recently released a revised version of its Obligations and Compliance Standards document for third party assessors – the organizations...more
The Project Management Office (PMO) for the Federal Risk and Authorization Management Program (FedRAMP) has issued an updated version of FedRAMP's 3PAO Obligations and Performance Standards (3PAO Standards), which sets forth...more
To conclude our series of cybersecurity areas to focus on in 2023 for those who do business with the Federal government, we look at the FedRAMP and StateRAMP developments from 2022...more
Since its inception in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has sought to facilitate adoption of secure cloud computing services by federal government agencies. A newly enacted law, the...more
Inflation relief for defense contractors, a ban on procurement of products and services containing certain Chinese semiconductors, and codification of the Federal Risk and Authorization Management Program (FedRAMP) governing...more
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October...more
On March 15, 2021, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which will require critical infrastructure owners and operators (among other things) to report...more
On March 1st, the United States Senate passed a historic cybersecurity bill with bipartisan and unanimous support. This bill impacts operators of federal infrastructure and federal civilian agencies. The Strengthening...more
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13,...more
Although the Connecticut legislature was not successful in passing a privacy law similar to those passed in California, Colorado and Virginia, on June 24, 2021, the “Act Incentivizing The Adoption Of Cybersecurity Standards...more
The Biden Administration's Executive Order directs the Department of Commerce and the Federal Trade Commission to establish pilot programs to develop product labels that inform consumers about the cybersecurity capacities of...more
The President’s new Executive Order on Improving the Nation’s Cybersecurity includes wide-ranging measures intended to strengthen security standards for the federal government and federal government contractors in response to...more
On May 12, 2021, President Joe Biden issued a wide ranging Executive Order “On Improving the Nation’s Cybersecurity,” which was in the works after the SolarWinds cyberattack and arrived soon after a ransomware attack on the...more