WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
1/29/2025
/ Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
National Security ,
NIST ,
Regulatory Agenda ,
Regulatory Freeze ,
Regulatory Requirements ,
Risk Management
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
11/22/2024
/ Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
Disclosure Requirements ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Risk Management ,
Software ,
Subcontractors ,
Supply Chain ,
TSA
The proliferation of cybersecurity regulations has the White House and Congress calling for harmonization to streamline regulations, focus on reciprocity, and decrease compliance costs. Senator Gary Peters (D-MI), chair of...more
6/10/2024
/ Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Federal Trade Commission (FTC) ,
Information Technology ,
NDAA ,
NIST ,
OMB ,
Regulatory Agenda
The Security and Exchange Commission (SEC) Director of the Division of Corporate Finance, Erik Gerding, released a statement on May 21, 2024 that may have regulated entities scratching their heads about compliance and the...more
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Homeland Security (DHS) ,
Financial Services Industry ,
Food and Drug Administration (FDA) ,
Healthcare ,
ICANN ,
Information Technology ,
NPRM ,
Popular ,
Ransomware ,
Recordkeeping Requirements ,
Securities and Exchange Commission (SEC)
As we enter the New Year, Wiley has looked back at the top cyber issues for 2023 and what they mean for 2024. Last year, we saw the rollout of the National Cybersecurity Strategy—which outlined a new era of cyber oversight—as...more
1/3/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Department of Homeland Security (DHS) ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Environmental Protection Agency (EPA) ,
Executive Orders ,
FBI ,
Federal Acquisition Regulations (FAR) ,
Federal Trade Commission (FTC) ,
FISA ,
NIST ,
NSTAC ,
NYDFS ,
OMB ,
Popular ,
Ransomware ,
Securities and Exchange Commission (SEC) ,
TSA
The cyber reporting landscape is rapidly shifting. Many agencies are developing rules, and a major player has been the U.S. Securities and Exchange Commission (SEC), with important questions arising about implementation of...more
12/14/2023
/ Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
National Security ,
Public Disclosure ,
Public Safety ,
Risk Management ,
Securities and Exchange Commission (SEC)
On December 18, the Securities and Exchange Commission's (SEC) new disclosure requirements go into effect and will require public companies to publicly report material cybersecurity incidents within four days of making a...more
12/12/2023
/ Cyber Incident Reporting ,
Cybersecurity ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
FBI ,
Governance Standards ,
National Security ,
Public Safety ,
Publicly-Traded Companies ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
The Black Cat/ALPHV ransomware group filed a complaint with the U.S. Securities and Exchange Commission (SEC) to allege that one of their victims failed to disclose a cyberattack to the SEC within four days, reports Bleeping...more
Wiley’s cyber team talks about cyber incident reporting after a new report from DHS advising Congress on duplication of reporting regimes. With over 50 reporting requirements spread over 20 agencies, federal agencies and the...more
On July 29, 2022, the New York Department of Financial Services (DFS) released Draft Amendments to its Part 500 Cybersecurity Rules. These changes are open for a preliminary public comment until August 18, and then an...more
8/17/2022
/ Chief Information Security Officer (CISO) ,
Covered Entities ,
Cyber Incident Reporting ,
Cybersecurity ,
Financial Institutions ,
Financial Services Industry ,
Multi-Factor Authentication ,
New York ,
Popular ,
Proposed Amendments ,
Securities and Exchange Commission (SEC)
Late 2021 and early 2022 have been full of federal government activity related to cybersecurity incident reporting. Congress passed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 to require mandatory...more
3/21/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Protection ,
Department of Homeland Security (DHS) ,
Popular ,
Securities and Exchange Commission (SEC) ,
TSA
What: Publicly traded companies may soon be subject to additional cybersecurity reporting requirements. On March 9, 2022, the Securities and Exchange Commission (SEC) proposed rules and amendments to enhance and standardize...more