Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
President Joe Biden’s October 2023 Executive Order on AI directed agencies to institute a significant number of actions on AI. On April 29, 2024, the White House announced that federal agencies had completed “all of the...more
The upcoming election, and the approaching end of the President’s four-year term, introduce additional dynamics into the agencies’ rulemaking process and even the guidance process. From now through the November election, the...more
GoodRx Faces Million Dollar Proposed Penalty from FTC in First Enforcement Action Under the Health Breach Notification Rule - Settlement reveals views on application of unfairness authority to sharing of sensitive...more
Beginning in 2019, the US federal government ramped up its involvement in, and regulation of, the use of artificial intelligence (AI). The federal government is grappling with how to incentivize AI innovation responsibly,...more
On March 15, 2021, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which will require critical infrastructure owners and operators (among other things) to report...more
While the DoD charts a path forward on CMMC, the USG is emphasizing the need to comply with existing cyber obligations in government contracts and taking steps to enforce compliance with those obligations. The June 16 Memo...more
Anyone who has been closely following the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program knows the effort has experienced a fair number of complications and delays...more
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) to obtain industry feedback and inform potential future rulemaking regarding information...more
Colorado Attorney General Seeks Rulemaking Comments for the Colorado Privacy Act - With the Notice of Proposed Rulemaking set for fall 2022, Colorado’s Attorney General office is currently inviting preliminary comments for...more
Key Wireless Deadlines - NTIA Seeks Comment on Infrastructure Investment and Jobs Act Implementation: The National Telecommunications and Information Administration (NTIA) requests comment on its implementation of three of...more
On November 4, 2021, the Department of Defense (DoD) issued an Advanced Notice of Proposed Rulemaking by releasing the latest and highly anticipated iteration of the CMMC program – CMMC 2.0. According to the DoD, the...more
The past few years in the government contracting space have seen significant changes: from the recently passed infrastructure bill and its $1.2 trillion infusion for the modernization of the country’s rapidly aging...more
Key Points - On Wednesday, May 12, 2021, President Biden issued EO 14,028, “Improving the Nation’s Cybersecurity.” The EO sets out an ambitious schedule of reviews and rulemakings that portend significant changes in the...more
On December 19, the Senate passed H.R.7898, which the House of Representatives had previously passed on December 9. This law amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require...more
The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming...more
The U.S. Department of Defense’s (DoD) new cybersecurity verification regime is moving into a new phase, with major implications for contractors. On January 31, 2020, DoD released version 1.0 of its Cybersecurity Maturity...more
On January 7, 2019, the federal Office of Management and Budget (OMB) released a draft of a memorandum setting forth guidance to assist federal agencies in developing regulatory and non-regulatory approaches regarding...more
Previously we reported on the Department of Defense (“DoD”) efforts to develop a Cybersecurity Maturity Model Certification (“CMMC”) program to verify the status of contractor cybersecurity and compliance. The CMMC program...more
The National Institute of Standards and Technology (NIST) recently released its draft Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework)....more
While eyes focus on the privacy legislative debate now underway in the United States, the development of a new Privacy Framework by the influential National Institute of Standards and Technology (“NIST”) is also worthy of...more
On November 18, 2014, the General Services Administration (“GSA”) hosted an Industry Day seeking feedback on its proposal to add a Cloud Computing Special Item Number (“SIN”) on its IT Multiple Award Schedule 70 (“MAS...more