Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
The U.S. Department of Justice (DOJ) filed its first major complaint-in-intervention under the False Claims Act (FCA) premised on a government contractor’s alleged cybersecurity deficiencies since the DOJ’s Civil Cyber-Fraud...more
The National Institute of Standards and Technology (NIST) published its Artificial Intelligence Risk Management Framework (NIST AI 100-1) in January 2023. The NIST AI Framework consists of 19 categories and 72...more
The Georgia Tech case serves as yet another reminder of the importance of contractor compliance with cybersecurity requirements in federal contracts. The Government alleges that Georgia Tech failed to comply with the...more
An unprecedented cyber qui tam action involving Georgia Tech’s alleged failure to comply with certain cybersecurity controls underscores the importance of having advanced cyber requirements for federal contractors. Our...more
On Thursday, August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention in the case of United States of America ex rel. Christopher Craig and Kyle Koza, v. Georgia Tech Research Corp....more
Late last week, the U.S. Department of Justice (DOJ) filed its complaint-in-intervention in a qui tam lawsuit against the Georgia Institute of Technology (Georgia Tech), alleging that the university failed to meet certain...more
Colorado became the first U.S. state to pass a law protecting consumers from harm when using artificial intelligence (AI). Senate Bill 24-205 on Consumer Protections for Artificial Intelligence was passed on May 17, 2024. The...more
So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
Defense contractors and subcontractors that handle Controlled Unclassified Information (CUI) and do not have robust information-security system controls in place better get their house in order now if they want to do business...more
The National Institute of Standards and Technology (NIST) published its Artificial Intelligence Risk Management Framework (NIST AI 100-1) in January 2023...more
As artificial intelligence (AI) continues to advance rapidly, organizations of all types are seeking to deploy this powerful tool to increase the effectiveness and efficiency of their operations, improve service to their...more
On May 17, 2024, Governor Jared Polis signed into law Colorado Senate Bill 24-205 (SB205), pioneering a comprehensive regulatory framework for artificial intelligence (AI) systems....more
On April 29, 2024, the U.S. Department of Commerce announced the release of four draft publications intended to help improve the safety, security, and trustworthiness of artificial intelligence (“AI”) systems. These...more
On May 17, 2024, Colorado Governor Jared Polis signed into law Senate Bill (SB) 24-205, “Concerning Consumer Protections in Interactions With Artificial Intelligence Systems” (the “Colorado Artificial Intelligence (AI) Act”),...more
On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting. The deviation relates to contractors’ compliance with...more
More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
In the absence of federal cybersecurity and data privacy laws, companies have to look to other sources of guidance, including industry standards, and state laws. The National Institute of Standards and Technology (“NIST”)...more
Health care entities maintain compliance programs in order to comply with the myriad changing laws and regulations that apply to the health care industry. Although laws and regulations specific to the use of artificial...more
The United States notified the U.S. District Court for the Northern District of Georgia that it plans to intervene in a False Claims Act case filed against Georgia Tech Research Corporation (Georgia Tech) by its Associate...more
As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and...more
Start Planning Now to Reduce Your Increased Money Laundering, Sanctions, and Conflicts of Interest Risks The introduction and use of generative artificial intelligence (GenAI) and predictive data analytics (PDAs) by...more
Healthcare organizations continue to be prime targets of cyberattacks. It is well-established that cyberattacks can lead to financial loss, reputational damage, and, in some cases, risks to patient care and safety. The recent...more
On February 26, 2024, the Connecticut Insurance Department (the CID) adopted Bulletin No. MC-25 on the “Use of Artificial Intelligence Systems in Insurance” (Connecticut Bulletin). This Connecticut Bulletin is similar to the...more
This article is a continuation of our article series focused on the management of AI regulatory compliance risk. Our first article highlighted privacy topics related to collecting personal information via AI applications,...more
The Association of American Universities (AAU) and the Council on Governmental Relations (COGR) are among a handful of groups “urging the Biden administration to rescind a policy proposal that would threaten the American...more