The California Privacy Protection Agency ("CPPA" or "Agency") is seeking preliminary comments on proposed rulemaking for risk assessments and cybersecurity audits for higher-risk data processing activities, and consumer...more
Since its inception in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has sought to facilitate adoption of secure cloud computing services by federal government agencies. A newly enacted law, the...more
The Cybersecurity Infrastructure and Security Agency (CISA), an operational component of the U.S. Department of Homeland Security, released Version 2 of its Cloud Security Technical Reference Architecture (Cloud Security TRA)...more
On Monday, March 21, 2022, the White House issued a statement warning of "evolving intelligence" that the Russian government may launch cyberattacks aimed at the United States in response to sanctions arising from Russia's...more
Since first announced in December 2021, the critical Log4j vulnerability has stolen the attention of many cybersecurity professionals. The Federal Trade Commission (FTC) has taken notice too....more
The Department of Defense (DoD) has announced major changes to its Cybersecurity Maturity Model Certification (CMMC) program for defense industrial base (DIB) contractors and subcontractors. The revamped program, called "CMMC...more
The Department of Defense (DoD) has announced major changes to its Cybersecurity Maturity Model Certification (CMMC) program for defense industrial base (DIB) contractors and subcontractors. The revamped program, called "CMMC...more
The Federal Trade Commission (FTC) recently announced significant new information security requirements for non-bank financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). The new requirements are incorporated...more
The Department of Justice (DOJ) is bringing one of its trustiest tools to the project of improving the nation's cybersecurity. The DOJ announced last week the launch of its Civil Cyber-Fraud Initiative which will use the...more
Over the last several weeks, the National Institute of Standards and Technology (NIST) has taken key steps towards the creation of a consumer labeling program for the cybersecurity of Internet of things (IoT) devices....more
The Department of Homeland Security (DHS) announced the issuance of the Transportation Security Administration's (TSA) second Security Directive (Directive) creating mandatory cybersecurity rules for owners and operators of...more
It has been a busy summer for data breach and cybersecurity laws. Several states have shortened their data breach notification timelines, expanded their definitions of personal data breaches triggering notification...more