Since 2004, October has marked Cybersecurity Awareness Month and for more than 15 years Wiley’s team of cybersecurity, tech, and government contracts experts has been helping organizations manage cyber risk. On October 21, as...more
10/8/2025
/ Continuing Legal Education ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Federal Contractors ,
Incident Response Plans ,
NDAA ,
New Rules ,
Risk Management ,
Webinars
WHAT: The U.S. Department of Defense (DOD) this month published the second of two final rules needed to begin phasing in the long-awaited Cybersecurity Maturity Model Certification (CMMC) Program.
This final rule amends the...more
9/23/2025
/ Contract Terms ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Security ,
Defense Contracts ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Final Rules ,
Information Technology ,
NIST ,
Regulatory Requirements ,
Subcontractors ,
Supply Chain
The U.S. Department of Defense (DOD) recently published the final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements for the Cybersecurity Maturity Model...more
9/19/2025
/ Continuing Legal Education ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Final Rules ,
NIST ,
Risk Mitigation ,
Security Risk Assessments ,
Subcontractors ,
Supply Chain ,
Webinars
WHAT: The U.S. Department of Defense (DOD) has published the final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements for the Cybersecurity Maturity Model...more
9/11/2025
/ Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Security ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Final Rules ,
Regulatory Requirements ,
Subcontractors ,
Supply Chain
WHAT: The U.S. Department of Defense (DOD) published a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to prohibit contracting officers from awarding contracts assigned certain North American...more
8/28/2025
/ Conflicts of Interest ,
Contract Terms ,
Contractors ,
Defense Contracts ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Federal Procurement Systems ,
Final Rules ,
NAICS ,
National Security ,
NDAA ,
Regulatory Requirements ,
Subcontractors
President Trump issued a cybersecurity Executive Order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity” (Trump EO), along with a corresponding Fact Sheet on June 6, 2025. The Trump EO clears some of the...more
6/16/2025
/ Artificial Intelligence ,
Biden Administration ,
China ,
Cloud Computing ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Executive Orders ,
Federal Contractors ,
FedRAMP ,
Government Agencies ,
Internet of Things ,
National Security ,
National Security Agency (NSA) ,
NIST ,
OMB ,
Popular ,
Regulatory Reform ,
Software ,
Supply Chain ,
Trump Administration
WHAT: FedRAMP has announced that it will be working on a new framework for authorization and assessment of cloud services for federal consumption, calling the initiative “FedRAMP 20X” (announcement here). In response to...more
WHAT: Department of Defense (DOD) Secretary Pete Hegseth issued a memorandum titled “Directing Modern Software Acquisition to Maximize Lethality” that is intended to reform DOD’s procurement involving software development....more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
1/29/2025
/ Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
National Security ,
NIST ,
Regulatory Agenda ,
Regulatory Freeze ,
Regulatory Requirements ,
Risk Management
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
11/22/2024
/ Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
Disclosure Requirements ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Risk Management ,
Software ,
Subcontractors ,
Supply Chain ,
TSA
WHAT: The U.S. Department of Defense (DOD) issued a proposed rule to implement Section 1655(a) and (c) of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 (Pub. L. 115-232). The proposed rule would...more
11/21/2024
/ Cybersecurity ,
Defense Contracts ,
Department of Defense (DOD) ,
Disclosure Requirements ,
Electronic Data Transmissions ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
National Security ,
NDAA ,
Software ,
Supply Chain
WHAT: On October 15, 2024, the U.S. Department of Defense (DOD) published the final CMMC 2.0 Program rule. DOD’s final rule outlines the mechanisms that DOD will use to prescribe cybersecurity standards for safeguarding...more
WHAT: On October 15, 2024, the U.S. Department of Defense (DOD) will publish the final CMMC 2.0 Program rule. DOD’s final rule outlines the mechanisms that DOD will use to prescribe cybersecurity standards for safeguarding...more
Last week, the U.S. Department of Defense (DOD) published a proposed rule that would amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a statutory prohibition on DOD awarding contracts with...more
10/11/2024
/ Conflicts of Interest ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Foreign Entities ,
GAO ,
NAICS ,
National Security ,
NDAA ,
Office of Foreign Assets Control (OFAC) ,
PRC ,
Proposed Rules ,
U.S. Commerce Department ,
US Department of State
So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
8/15/2024
/ Compliance ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Federal Acquisition Regulations (FAR) ,
FedRAMP ,
General Services Administration (GSA) ,
Government Agencies ,
Information Technology ,
NIST ,
OMB ,
Software
In May 2024, the National Institute of Standards and Technology (NIST) published Special Publication 800-171 Rev 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and the accompanying...more
WHAT: On May 2, 2024, the U.S. Department of Defense (DOD) issued a Defense Federal Acquisition Regulation Supplement (DFARS) class deviation related to the cybersecurity standards required for covered contractor information...more
WHAT: The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published the final version of its Secure Software Development Attestation Common Form (Common Form) and announced...more
WHAT: On February 16, 2024, the U.S. Department of Defense (DOD) posted a 40-minute video overview of DOD’s proposed requirements for the Cybersecurity Maturity Model Certification (CMMC) program. The video is available here,...more
WHAT: The U.S. Department of Defense (DOD) has issued a proposed rule setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The proposed rule primarily...more
WHAT: The U.S. Department of Defense (DOD) has issued a proposed rule setting forth the requirements for its long-anticipated Cybersecurity Maturity Model Certification 2.0 (CMMC) program. The proposed rule primarily...more
WHAT: As we previously reported here, on October 3, 2023, the Federal Acquisition Regulatory Council (FAR Council) proposed a pair of major cybersecurity rules intended to implement key parts of President Biden’s May 2021...more
10/12/2023
/ Cloud Computing ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
DFARS ,
Executive Orders ,
FBI ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
Internet of Things ,
Software ,
Subcontractors
WHAT: The Federal Acquisition Regulatory Council (FAR Council) proposed a pair of major cybersecurity rules intended to implement key parts of President Biden’s May 2021 Executive Order No. 14028 on Improving the Nation’s...more
On June 21, 2023, the U.S. Department of Homeland Security (DHS) issued a final rule that revises the Homeland Security Acquisition Regulation (HSAR) to implement security and privacy measures for contractors to safeguard...more
On June 9, 2023, the Office of Management and Budget (OMB) issued a guidance memorandum, OMB M-23-16, that extends the timeline for agencies to begin collecting attestations for critical and non-critical software from...more