After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Born from documented deficiencies in the...more
11/12/2024 / Certifications, Compliance, Controlled Unclassified Information (CUI), Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Defense Contracts, Defense Sector, Department of Defense (DOD), DFARS, Federal Acquisition Regulations (FAR), Federal Contractors, Final Rules, NIST, Proposed Regulation
On August 15, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the proposed Cybersecurity...more
On May 2, the Department of Defense (DOD) issued a class deviation to DFARS 252.204-7012 “to provide industry time for a more deliberate transition upon the forthcoming release of [National Institute of Standards and...more
5/9/2024 / Controlled Unclassified Information (CUI), Cybersecurity, Data Protection, Data Security, Defense Contracts, Defense Sector, Department of Defense (DOD), DFARS, Federal Contractors, New Regulations, NIST, Reporting Requirements
On March 12, the Department of Defense (DOD) promulgated a final rule that expands the eligibility criteria for the Defense Industrial Base (DIB) Cybersecurity Program, a voluntary initiative aimed at bolstering the DIB’s...more
On December 26, the Department of Defense (DoD) published its long-awaited Cybersecurity Maturity Model Certification (CMMC) Program proposed rule, which places comprehensive cybersecurity and information security...more
1/3/2024 / Certification Requirements, Comment Period, Controlled Unclassified Information (CUI), Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), DCMA, Defense Contracts, Defense Sector, Department of Defense (DOD), Federal Contractors, NIST, Proposed Rules
For nearly two years, we have been reporting on this blog about the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program. CMMC is a training, certification, and third-party assessment...more
Last month, the U.S. Court of Appeals for the Federal Circuit’s (Federal Circuit) opinion in The Boeing Co. v. Secretary of the Air Force shed additional light on the technical data rights of contractors under defense...more
For over a year, we have been discussing the Department of Defense’s (DoD) eventual implementation of a Cybersecurity Maturity Model Certification (CMMC) program for Defense contractors, most recently during a webinar in...more
In line with recent actions taken across the government to enhance the resilience of the nation’s cybersecurity apparatus, the Cybersecurity Infrastructure Security Agency (CISA) recently released a set of best practices for...more
11/21/2019 / Best Practices, Cyber Threats, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Breach, Data Privacy, Data Protection, Data Security, Department of Defense (DOD), Information Technology, National Security, Popular, Small Business
A major shift in cybersecurity requirements for Department of Defense (DoD) contractors is about to come into effect—earlier this month the DoD released for public comment the long-anticipated Version 0.4 of the draft...more
10/1/2019 / Auditors, Certification Requirements, Controlled Unclassified Information (CUI), Corporate Counsel, Cybersecurity, Data Privacy, Data Protection, Data Security, Department of Defense (DOD), Federal Contractors, Public Comment, Third-Party Service Provider
The Department of Defense (DoD) Inspector General recently issued a report summarizing the findings of an audit into the protection of Controlled Unclassified Information (CUI) on contractor networks. Based on an in-depth...more
8/7/2019 / Controlled Unclassified Information (CUI), Cybersecurity, Data Privacy, Data Protection, Data Security, Department of Defense (DOD), DFARS, Federal Contractors, National Security, NIST, Risk Mitigation
The National Institute of Standards and Technology (NIST) is responsible for developing information security standards and guidelines—including minimum requirements for federal information systems. At the end of February,...more
In mid-January, the General Services Administration (GSA) released their Semiannual Regulation Agenda. Within this agenda, GSA announced plans to update requirements in the General Services Administration Acquisition...more
1/31/2018 / Cyber Incident Reporting, Cybersecurity, Data Breach, Data Security, DFAR, Employee Training, Federal Information Security Modernization Act (FISMA), Federal Supply Schedule (FSS), General Services Administration (GSA), GSAR, Personally Identifiable Information, Reporting Requirements
- MoneyGram and Ant Financial mutually terminate $1.2 billion proposed merger
- CFIUS’s concerns focused on cyber and information security
- Scrutiny of buyers’ information security processes is likely to increase
On...more
1/22/2018 / Acquisitions, CFIUS, China, Cross-Border Transactions, Cybersecurity, Data Security, Foreign Investment, Mergers, Moneygram, National Security, Technology Sector, Trump Administration
Later this month, the GSA will issue a refresh to all GSA Multiple Award Schedules (MAS) to incorporate new provisions and clause updates. Even if you are already a GSA Schedule holder, keep reading – a bilateral modification...more
4/18/2017 / Cybersecurity, Data Protection, Electronic Reporting, Federal Contractors, General Services Administration (GSA), Modification, Multiple Award Schedule (MAS), Paid Sick Leave Act, Service Contract Labor Standards (SCLS), Small Business, Subcontracts