Increasingly, the Federal government implements a rule for government contractors which then makes its way in some form into all of US industry. Cybersecurity regulations, mandating that government contractors, grant and...more
4/22/2022
/ Comment Period ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Disclosure Requirements ,
Federal Contractors ,
Proposed Rules ,
Regulatory Agenda ,
Securities and Exchange Commission (SEC) ,
Securities Regulation
This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued a “SHIELDS UP” advisory. While it does not identify specific threats in the advisory, CISA states that the “Russian...more
2/21/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Homeland Security (DHS) ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
National Security ,
Popular ,
Risk Management ,
Russia ,
Threat Management ,
Vulnerability Assessments
In the wake of increasing cybersecurity threats and incidents, the U.S. Department of Defense (DoD) amended its Federal Acquisition Regulation Supplement (DFARS) in 2015 to issue the 252.204-7012, Safeguarding Covered Defense...more
Published on June 9, 2021, President Biden’s Executive Order on Protecting America’s Sensitive Data from Foreign Adversaries is the latest Executive Order seeking to strengthen national security by improving public and...more
6/24/2021
/ Biden Administration ,
Connected Items ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Executive Orders ,
Foreign Adversaries ,
Information Technology ,
Mobile Apps ,
National Security ,
Personally Identifiable Information ,
PHI ,
Privacy Concerns ,
Software ,
TikTok
Previously we reported on President Trump’s Executive Orders banning U.S. nationals’ investment in designated Chinese companies that pose a threat to our national security under the International Emergency Economic Powers...more
6/15/2021
/ Biden Administration ,
China ,
Cybersecurity ,
Defense Sector ,
Executive Orders ,
Foreign Policy ,
Foreign Relations ,
Investment ,
National Security ,
Popular ,
Supply Chain
If you live on the East Coast and tried to get gasoline last week, you already know firsthand of the impacts that a cyber incident can wreak on the supply chain. As a result of the Colonial Pipeline cyber incident, a...more
Recent weeks have brought news on multiple fronts regarding supply chain risks and actions in response thereto:
Commerce ICTS Regulations to Go Into Effect; Chinese ICTS Companies, Products and Services in the...more
3/22/2021
/ Biden Administration ,
China ,
Cybersecurity ,
Department of Defense (DOD) ,
DFARS ,
FCC ,
Foreign Policy ,
International Emergency Economic Powers Act (IEEPA) ,
Internet of Things ,
National Security ,
Regulatory Oversight ,
Risk Management ,
Supply Chain ,
Telecommunications
If you don’t know about SolarWinds, then you haven’t been reading the news for the past six months. Last October 2020, it was reported that a widely-used networking tool that helps companies in the public and private sectors...more
The Cybersecurity Maturity Model Certification (CMMC) Advisory Board (CMMC AB) made a major announcement on September 16, 2020, announcing that it has trained an initial group of provisional assessors....more
The saga of what is prohibited and what is covered by an exception to the National Defense Authorization Act, FY 2019, Section 889 prohibition on the use or delivery of covered telecommunications and video surveillance...more
9/3/2020
/ Cybersecurity ,
Data Security ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
General Services Administration (GSA) ,
NASA ,
NDAA ,
Procurement Guidelines ,
Supply Chain ,
Surveillance ,
Telecommunications
Our blogs and alerts have reported on the increasing legislative and regulatory requirements to promote the security of the U.S. supply chain, including its cybersecurity....more
8/3/2020
/ China ,
Coronavirus/COVID-19 ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Security ,
Department of Justice (DOJ) ,
Federal Contractors ,
Foreign Adversaries ,
Hackers ,
Indictments ,
National Security ,
Popular ,
Risk Management ,
Supply Chain ,
Vulnerable Victims
It is now June 2020. The Department of Defense (DoD) initially projected that, this month, it would issue ten pilot Requests for Information (RFIs) as part of its efforts to develop the means for its implementation of the...more
Last week we reported on developments in the Department of Defense (DoD) efforts to implement enhanced Defense Industrial Base cybersecurity requirements. ...more
The Government continues to take steps to address its Defense Industrial Base supply chain cybersecurity....more
Earlier this month, it was reported that the National Security Agency (NSA) discovered a serious security flaw in Microsoft Windows 10 cryptographic functionality, CVE-2020-0601. That security flaw could render trust...more
2/4/2020
/ Controlled Defense Information (DDI) ,
Cybersecurity ,
Defense Sector ,
DFARS ,
Federal Contractors ,
Information Security ,
Just Compensation ,
Microsoft ,
National Security ,
National Security Agency (NSA) ,
Network Security ,
NIST ,
Popular ,
Security and Privacy Controls ,
Security Controls ,
Software ,
Supply Chain ,
Vulnerability Assessments
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework...more
1/24/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Privacy ,
Data Protection ,
Data Security ,
Framework Agreement ,
General Data Protection Regulation (GDPR) ,
NIST ,
Personal Data ,
Popular ,
Privacy Act of 1974 ,
Risk Management
Last month we reported on the Department of Defense’s (DoD’s) issuance of Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) standard. That draft included DoD updates and revisions to CMMC’s domains,...more
12/20/2019
/ Bid Protests ,
Competitive Bidding ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Security ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Popular ,
Public Bidding ,
Supply Chain
Previously we reported on the Department of Defense (“DoD”) efforts to develop a Cybersecurity Maturity Model Certification (“CMMC”) program to verify the status of contractor cybersecurity and compliance. The CMMC program...more
11/22/2019
/ Certification Requirements ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Information Governance ,
Information Management ,
Information Technology ,
NIST ,
Popular ,
Regulatory Agenda ,
Rulemaking Process
In the face of increasing concern over the security of Navy and Marine Corps (Navy) programs, the Navy Marine Corps Acquisition Regulation Supplement (NMCARS) was updated on September 6, 2019 to incorporate significant...more
10/11/2019
/ Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Management ,
Data Protection ,
Defense Contracts ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Incident Response Plans ,
Popular ,
Public Procurement Policies ,
Reporting Requirements ,
U.S. Navy
Earlier this year, Assistant Secretary of Defense for Acquisition & Logistics Kevin Fahey announced that the Department of Defense (“DoD”) was working with Carnegie Mellon University and Johns Hopkins Applied Physics...more
9/12/2019
/ Best Practices ,
Comment Period ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Popular ,
Public Comment
Cybersecurity continues to be an imperative for the protection of the Department of Defense (DoD) and its contractors' supply chain. On June 19, 2019, the National Institute of Standards and Technology (NIST) issued two draft...more
6/26/2019
/ Cyber Attacks ,
Cybersecurity ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Network Security ,
NIST ,
Popular ,
Security Controls ,
Security Standards ,
Supply Chain