On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Office of Management and Budget (“OMB”) released the highly-anticipated Secure Software Development Attestation Form (also known as the...more
In its first major overhaul since 2014, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF) on February 26, 2024. The updated 27-page CSF version 2.0 builds on version 1.1 and...more
On November 30, 2023, the Inspector General of the Department of Defense (“DoD IG”) released a Special Report: Common Cybersecurity Weaknesses Related to the Protection of DoD Controlled Unclassified Information on Contractor...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional...more
In response to a constantly-evolving cyber threat landscape, the Biden Administration recently announced the launch of a new cybersecurity labeling program – the U.S. Cyber Trust Mark program – in an effort to enhance...more
8/4/2023
/ Connected Items ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Collection ,
Data Security ,
Federal Contractors ,
Internet of Things ,
New Legislation ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Privacy Concerns ,
Privacy Laws ,
Smart Devices ,
Technology Sector
On July 18, 2023, the Biden Administration announced the launch of the long-awaited cybersecurity labeling program, called the “U.S. Cyber Trust Mark,” aimed at providing consumers with a better understanding of the...more
8/2/2023
/ Biden Administration ,
Cybersecurity ,
Data Security ,
FCC ,
Internet of Things ,
Internet Retailers ,
Labeling ,
NIST ,
Notice of Proposed Rulemaking (NOPR) ,
Online Marketplace ,
Popular ,
Regulatory Agenda ,
Telecommunications ,
Wireless Technology
The National Institute of Standards and Technology is updating the security standards that govern the protection of sensitive government information. NIST recently released an initial public draft for comment. The document...more
On June 9, 2023, OMB released additional guidance on the implementation of OMB Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practice, which requires that federal...more
The National Institute of Standards and Technology (NIST) has released an initial public draft of NIST SP 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Compliance...more
While you were asking ChatGPT to create a 3-course menu for the upcoming book club you’re hosting or to explain the Rule Against Perpetuities, several federal government agencies announced initiatives related to the use of...more
5/1/2023
/ Artificial Intelligence ,
Automated Systems ,
Bots ,
Consumer Financial Protection Bureau (CFPB) ,
Copyright ,
Department of Justice (DOJ) ,
Equal Employment Opportunity Commission (EEOC) ,
Federal Trade Commission (FTC) ,
Infringement ,
Machine Learning ,
NIST ,
Open Source Software ,
Patents ,
Rule Against Perpetuities ,
Technology Sector
On March 2, 2023, the Biden Administration released its National Cybersecurity Strategy. The Strategy represents the latest push by the Administration to focus on cybersecurity concerns, following the release of Executive...more
Yesterday we continued our series... with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software...more
1/24/2023
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Acquisition Regulations (FAR) ,
Government Agencies ,
NIST ,
OMB ,
Popular ,
Software ,
Supply Chain
In this second in our series, we look at the long awaited update to NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” which is expected to be released in late spring...more
As we get settled into the New Year it is a good time to reflect on your company’s current data security and plans for 2023. In this five-part series, we reflect on the top important cybersecurity developments for companies...more
The White House recently hosted a group of industry and government partners to discuss the development and implementation of an Internet of Things (IoT) labeling program. This program would develop a common label to help...more
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October...more
Per Executive Order 14028, Improving the Nation’s Cybersecurity, the Office of Management and Budget (OMB) issued a memorandum on September 14, 2022 requiring federal agencies to only use software from software producers that...more
9/29/2022
/ Contract Solicitation ,
Cybersecurity ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
NIST ,
OMB ,
Software ,
Supply Chain ,
Third-Party
On July 19, 2022, the National Institute of Standards and Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback on improving its Controlled Unclassified Information (CUI) series of publications. The...more
Anyone who has been closely following the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program knows the effort has experienced a fair number of complications and delays...more
NIST recently released several key deliverables relating to cybersecurity. These focus on secure software development and new consumer labeling programs as contemplated by President Biden’s Executive Order 14028, which seeks...more
The National Institute of Standards and Technology (NIST) is seeking comments to improve its Cybersecurity Framework, “Framework for Improving Critical Infrastructure Cybersecurity” (Request for Information available here)....more
The Department of Defense (DOD) recently announced several changes to its Cybersecurity Maturity Model Certification program. The program applies to those who serve as contractors and suppliers to the DOD. As described in our...more
The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October...more
11/11/2021
/ Biden Administration ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Information Technology ,
NIST ,
Risk Management ,
Software ,
Supply Chain ,
Technology
On November 4, 2021, the Department of Defense (“DOD”) announced several changes to the Cybersecurity Maturity Model Certification (“CMMC”) program – the program that DOD intends to use to enhance the security of the defense...more
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-160, Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach,” and draft NIST...more