The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is working to finalize a rule that would require large segments of industry to rapidly report to the government when...more
2/13/2026
/ Comment Period ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
Government Agencies ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
NPRM ,
Proposed Rules ,
Public Consultations ,
Regulatory Requirements ,
Reporting Requirements ,
Rulemaking Process
On January 23, 2026, the Office of Management and Budget (OMB) reversed some relatively new requirements for secure software development that had been imposed on federal contractors. This move is notable because the...more
1/29/2026
/ Cybersecurity ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
New Guidance ,
NIST ,
OMB ,
Regulatory Requirements ,
Risk Management ,
Risk-Based Approaches ,
Software ,
Supply Chain
Recent draft cybersecurity guidance from the National Institute of Standards and Technology (NIST) provides an opportunity for government contractors who provide IT services to federal agencies to weigh in on implementation...more
1/9/2026
/ Authentication ,
Cloud Computing ,
Cloud Service Providers (CSPs) ,
Comment Period ,
Cybersecurity ,
Data Security ,
Draft Guidance ,
Federal Contractors ,
Government Agencies ,
Information Technology Outsourcing ,
New Guidance ,
NIST ,
Risk Management ,
Third-Party Service Provider
On December 5, 2025, the Federal Communications Commission (FCC) issued a Public Notice further delaying the deadline by which broadcasters must comply with the expanded rules concerning the identification of foreign...more
12/8/2025
/ Advertising ,
Broadcasting ,
Compliance Dates ,
Disclosure Requirements ,
FCC ,
Foreign Adversaries ,
Foreign Agents Registration Act (FARA) ,
Foreign Governments ,
Political Advertising ,
Public Notice ,
Recordkeeping Requirements ,
Regulatory Requirements ,
Television Broadcast Stations
November 2025 has been a busy month for cybersecurity rules affecting government contractors. The long-awaited Cybersecurity Maturity Model Certification (CMMC) Program went into effect on November 10. We are now seeing the...more
11/25/2025
/ Comment Period ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
Draft Guidance ,
Federal Contractors ,
New Guidance ,
NIST ,
Proposed Rules ,
Regulatory Requirements ,
Risk Management ,
Rulemaking Process ,
Supply Chain
Cybersecurity risks are evolving, in part because bad actors – including scammers and fraudsters – are leveraging widely available artificial intelligence (AI) tools for nefarious purposes. In the escalating fraud landscape,...more
11/13/2025
/ Artificial Intelligence ,
Best Practices ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Data Security ,
Financial Crimes ,
FinCEN ,
Fraud ,
Identity Theft ,
Information Sharing ,
Know Your Customers ,
Phishing Scams ,
Ransomware ,
Risk Management ,
Risk Mitigation
Since 2004, October has marked Cybersecurity Awareness Month and for more than 15 years Wiley’s team of cybersecurity, tech, and government contracts experts has been helping organizations manage cyber risk. On October 21, as...more
10/8/2025
/ Continuing Legal Education ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Federal Contractors ,
Incident Response Plans ,
NDAA ,
New Rules ,
Risk Management ,
Webinars
Landmark cybersecurity information sharing legislation that provided both affirmative authorizations and liability protections expired on September 30, 2025, creating uncertainties about future sharing activities. When it was...more
10/6/2025
/ Antitrust Exemption ,
Antitrust Provisions ,
Compliance ,
Corporate Counsel ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Department of Homeland Security (DHS) ,
Information Sharing ,
Liability ,
New Legislation ,
Office of Foreign Assets Control (OFAC) ,
Privacy Laws ,
Proposed Legislation ,
Ransomware ,
Risk Management ,
State Privacy Laws ,
Wiretapping
The U.S. Department of Justice (DOJ) recently announced a coordinated, nationwide enforcement action countering the Democratic People’s Republic of Korea (DPRK or “North Korea”) government’s efforts to finance its regime...more
9/5/2025
/ Anti-Money Laundering ,
Cybersecurity ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Fraud ,
Identity Fraud ,
Information Technology ,
Money Laundering ,
National Security ,
North Korea ,
Remote Working ,
Risk Management ,
Risk Mitigation ,
Technology Sector
On March 19, 2025, the White House released Executive Order (EO) 14239, Achieving Efficiency Through State and Local Preparedness, which calls for a comprehensive review of and changes to many long-standing federal...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
1/29/2025
/ Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
National Security ,
NIST ,
Regulatory Agenda ,
Regulatory Freeze ,
Regulatory Requirements ,
Risk Management
The Trump Administration has issued a new Executive Order (EO) on Artificial Intelligence (AI) that previews the new direction for federal AI policy.
As we noted in a recent update, one of President Trump’s first actions in...more
1/27/2025
/ Artificial Intelligence ,
Biden Administration ,
Executive Orders ,
Machine Learning ,
National Security ,
OMB ,
Regulatory Agenda ,
Regulatory Reform ,
Rescission ,
Technology Sector ,
Trump Administration
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
1/7/2025
/ Artificial Intelligence ,
Chief Information Security Officer (CISO) ,
China ,
Corporate Counsel ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
DFARS ,
Emerging Technologies ,
FCC ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Intelligence Services ,
Internet of Things ,
Loper Bright Enterprises v Raimondo ,
National Security Agency (NSA) ,
NIST ,
OIG ,
Popular ,
Regulatory Agenda ,
Regulatory Standards ,
SCOTUS ,
TSA ,
Unmanned Aircraft Systems
Despite the coming transition in agency leadership, the FCC’s Internet of Things (IoT) Cybersecurity Labeling Program (the IoT Program) hit some major milestones this month, as the agency pushes ahead with this novel program....more
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
11/22/2024
/ Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
Disclosure Requirements ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Risk Management ,
Software ,
Subcontractors ,
Supply Chain ,
TSA
So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
8/15/2024
/ Compliance ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Federal Acquisition Regulations (FAR) ,
FedRAMP ,
General Services Administration (GSA) ,
Government Agencies ,
Information Technology ,
NIST ,
OMB ,
Software
The proliferation of cybersecurity regulations has the White House and Congress calling for harmonization to streamline regulations, focus on reciprocity, and decrease compliance costs. Senator Gary Peters (D-MI), chair of...more
6/10/2024
/ Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Federal Trade Commission (FTC) ,
Information Technology ,
NDAA ,
NIST ,
OMB ,
Regulatory Agenda
Companies, particularly those in “critical infrastructure” sectors, have seen a dramatic increase in cybersecurity regulatory requirements in just the past few years – and the White House is looking to move faster. At the...more
The Security and Exchange Commission (SEC) Director of the Division of Corporate Finance, Erik Gerding, released a statement on May 21, 2024 that may have regulated entities scratching their heads about compliance and the...more
On April 30, 2024 the White House updated the foundational U.S. government policy that defines critical infrastructure (CI) sectors and establishes a coordination structure within the federal government to support owners and...more
WHAT: The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published the final version of its Secure Software Development Attestation Common Form (Common Form) and announced...more
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Homeland Security (DHS) ,
Financial Services Industry ,
Food and Drug Administration (FDA) ,
Healthcare ,
ICANN ,
Information Technology ,
NPRM ,
Popular ,
Ransomware ,
Recordkeeping Requirements ,
Securities and Exchange Commission (SEC)
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more
As we enter the New Year, Wiley has looked back at the top cyber issues for 2023 and what they mean for 2024. Last year, we saw the rollout of the National Cybersecurity Strategy—which outlined a new era of cyber oversight—as...more
1/3/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Environmental Protection Agency (EPA) ,
Executive Orders ,
FBI ,
Federal Acquisition Regulations (FAR) ,
Federal Trade Commission (FTC) ,
FISA ,
NIST ,
NSTAC ,
NYDFS ,
OMB ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
TSA
On December 14, 2023, the House of Representatives passed the National Defense Authorization Act for Fiscal Year 2024 (NDAA), following the Senate’s passage a few days earlier. The President is expected to sign the NDAA into...more
12/19/2023
/ Artificial Intelligence ,
China ,
Cuba ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Drones ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Federal Information Security Modernization Act (FISMA) ,
FISA ,
Greenhouse Gas Emissions ,
Information and Communication Technology (ICT) ,
National Security ,
NDAA ,
Software ,
Subcontractors ,
Supply Chain ,
Unmanned Aircraft Systems ,
US State Departments