In this episode of "Regulatory Phishing," Government Contracts and Cybersecurity attorney Eric Crusius delves into the latest developments from the Cybersecurity Maturity Model Certification (CMMC) program, National Institute...more
Late last week, the U.S. Department of Justice (DOJ) filed its complaint-in-intervention in a qui tam lawsuit against the Georgia Institute of Technology (Georgia Tech), alleging that the university failed to meet certain...more
8/28/2024
/ Compliance ,
Controlled Unclassified Information (CUI) ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Justice (DOJ) ,
DFARS ,
Enforcement Actions ,
False Claims Act (FCA) ,
False Statements ,
Federal Contractors ,
Fraud ,
Implied Certification ,
Internal Controls ,
Invoices ,
NIST ,
Qui Tam ,
Security and Privacy Controls ,
Universities ,
US Air Force ,
Whistleblowers
The National Institute of Standards and Technology (NIST) released the third revision of its Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations." This...more
Two years after announcing the second iteration of the U.S. Department of Defense's (DoD) Cybersecurity Maturity Model Certification (CMMC) program, the DoD released its proposed rule that, if adopted, will implement the...more
12/28/2023
/ Certification Requirements ,
Code of Federal Regulations (CFR) ,
Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
NASA ,
NIST ,
Prime Contractor ,
Proposed Rules ,
Subcontractors
The Federal Acquisition Regulatory (FAR) Council on Oct. 3, 2023, issued two proposed rules to partially implement President Biden's Executive Order on Improving the Nation's Cybersecurity. The first proposed rule imposes...more
10/5/2023
/ Cloud Computing ,
Comment Period ,
Cyber Incident Reporting ,
Cybersecurity ,
Data-Sharing ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Sharing ,
Information Technology ,
NIST ,
Proposed Rules ,
Security and Privacy Controls
In this episode of "Regulatory Phishing," Eric Crusius is joined by Tom Tollerton, a partner with FORVIS, a Certified Third-Party Assessment Organization (C3PAO). In this episode, Eric and Tom discuss the role of the C3PAO in...more
Contractors that do business with the U.S. Department of Defense (DoD) and handle Controlled Unclassified Information (CUI) have been awaiting the issuance of a rule implementing the Cybersecurity Maturity Model Certification...more
2023 promises to be a pivotal year for cybersecurity in government contracts. Besides the implementation of the Cybersecurity Maturity Model Certification (CMMC) program, new regulations are coming for civilian contractors,...more
The U.S. Department of Defense (DoD) recently released a memorandum signaling its increasing willingness to review contractor compliance with cybersecurity standards in its contracts and take action against noncompliant...more
7/14/2022
/ Best Practices ,
Compliance ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
NIST ,
Popular
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0), for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...more
12/8/2021
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Interim Final Rules (IFR) ,
National Security ,
NIST ,
Popular ,
Qui Tam
On May 12, 2021, President Joe Biden issued a comprehensive Executive Order (EO) on Improving the Nation's Cybersecurity that promises sweeping changes in federal contracts for information technology (IT), cloud services and...more
5/17/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
National Security ,
NIST ,
OMB ,
Software ,
Supply Chain
The U.S. Department of Defense (DoD) released version 1.0 of its Cybersecurity Maturity Model Certification (known as CMMC) on Jan. 31, 2020. The CMMC model draws heavily on the National Institute for Standards and...more
Details concerning the U.S. Department of Defense's (DoD) new cybersecurity standards are emerging. Called the Cybersecurity Maturity Model Certification (CMMC), compliance with this new set of security standards will be...more
Taking over as editors of Holland & Knight’s Government Contracts Blog has been a labor, but it has been a labor of love. Like the rest of the Government Contracts Team, we are passionate about staying on top of the latest...more
12/28/2017
/ Bid Protests ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Defense (DOD) ,
DFARS ,
E-Commerce ,
Executive Orders ,
False Claims Act (FCA) ,
Federal Funding ,
Federal Pilot Programs ,
Foreign Corrupt Practices Act (FCPA) ,
LPTA ,
NDAA ,
New Guidance ,
NIST ,
Popular ,
Proposed Legislation ,
Sick Leave ,
Technology Sector ,
Trump Administration ,
Universal Health Services Inc v United States ex rel Escobar ,
Wage and Hour ,
White Collar Crimes
In recently released guidance, the U.S. Department of Defense (DoD) confirms a "one size does not fit all" approach to contractor compliance with its cybersecurity clauses that cover the safeguarding of contractor networks,...more
10/9/2017
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Information Systems Security Program (ISSP) ,
Joint Plan of Action ,
New Guidance ,
NIST ,
Risk Assessment ,
Threat Management
We had the opportunity to attend Department of Defense’s (DoD) Industry Information Day on Friday, June 23, at the Mark Center Auditorium in Alexandria, Virginia. DoD’s Chief Information Officer published advance notice of...more
The White House just issued a long-awaited Cybersecurity Executive Order (EO). The EO is divided into five sections, which we will summarize in turn -
Section 1 of the EO includes "policy," "findings," and "risk...more