On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...more
1/21/2025
/ Compliance ,
Contractors ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
Incident Response Plans ,
NIST ,
Regulatory Agenda ,
Regulatory Requirements ,
Regulatory Standards ,
Risk Management ,
Subcontractors ,
Training
The Time Is Now for Defense Contractors To Get Compliant.
If you work for a defense contractor or subcontractor responsible for handling controlled unclassified information (CUI) and/or federal contract information...more
The United States Department of Defense (DoD) took another big step on the path to instituting its highly anticipated Cybersecurity Maturity Model Certification 2.0 program (CMMC 2.0). Once finalized, CMMC 2.0 will establish...more
8/21/2024
/ Certification Requirements ,
Comment Period ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Proposed Rules ,
Subcontractors
The United States Department of Defense (“DoD”) recently published its Defense Industrial Base Cybersecurity Strategy 2024. For context, the DIB is comprised of more than 100,000 domestic and foreign companies or...more
4/15/2024
/ Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Environmental Social & Governance (ESG) ,
Information Technology ,
NIST ,
Risk Assessment ,
Sensitive Personal Information ,
Software
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
3/28/2024
/ Biden Administration ,
Comment Period ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Data Privacy ,
New Legislation ,
New Rules ,
Popular ,
Proposed Rules ,
Public Comment ,
Reporting Requirements
On March 12, 2024, the U.S. Department of Defense (DoD) published a final rule (pdf) that dramatically expands access to defense contractors seeking to join the DoD’s voluntary Defense Industrial Base Cybersecurity Program...more
On February 28, 2024, U.S. President Joe Biden issued Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (EO), which authorizes...more
3/5/2024
/ Biden Administration ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Department of Justice (DOJ) ,
Executive Orders ,
International Data Transfers ,
New Regulations ,
Personal Data ,
Popular ,
Proposed Regulation ,
Regulatory Reform
The U.S. Department of Defense (DoD) released a proposed rule to implement its Cybersecurity Maturity Model Certification (CMMC) program, which would establish a comprehensive set of cybersecurity requirements applicable to...more
3/1/2024
/ Applications ,
Certifications ,
Contractors ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Privacy ,
Department of Defense (DOD) ,
Federal Contractors ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Regulatory Requirements ,
Small Business ,
Subcontractors
For businesses subject to California Consumer Privacy Act (CCPA), privacy compliance just became urgent. A California appellate court agreed on February 9, 2024, with the California Privacy Protection Agency (CPPA) that there...more
2/15/2024
/ Audits ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
New Regulations ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Assessment ,
State Privacy Laws ,
Technology Sector
CISA’s Incident Response Guide outlines ways in which WWS owners and operators can engage with federal agencies to prepare for, mitigate, and respond to cyber incidents, including best practices for incident response and...more
2/7/2024
/ Best Practices ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Energy Sector ,
Environmental Protection Agency (EPA) ,
FBI ,
Incident Response Plans ,
Waste Treatment Facilities ,
Wastewater ,
Water