DHS and Cyber: What Should Companies Expect?
This week, the Trump Administration reached the 100-day mark—a significant milestone in any presidential term wherein key administrative priorities and objectives are promulgated. Perhaps unsurprisingly, cybersecurity stands...more
On January 16, 2025, former President Biden issued the Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (the EO). The EO directs various parts of the federal government to adopt a...more
Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration has...more
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released its new Proposed Rule pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which was published in the...more
WHAT: The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published the final version of its Secure Software Development Attestation Common Form (Common Form) and announced...more
Last October, the Federal Acquisition Regulation (FAR) Council proposed two new rules, one of which that will influence cyber incident response practices. The scope is limited as it only applies to federal government...more
On October 3, 2023, the FAR Council released two proposed rules for federal contractor cybersecurity requirements that relate to cyber threat and incident reporting and information sharing (case 2021-017) and standardizing...more
Last month, the Federal Acquisition Regulatory Council proposed new cybersecurity and incident reporting regulations for federal contractors on behalf of the Department of Defense (DoD), the General Services Administration...more
Last month the Federal Acquisition Regulatory (FAR) Council announced a major proposal regarding cybersecurity incident reporting and information. Comments currently are now due by February 2, 2024....more
Earlier this month the Federal Acquisition Regulation (“FAR”) Council released two draft rules which would impose new cybersecurity requirements for federal contractors. The proposed rules, Cyber Threat and Incident Reporting...more
WHAT: As we previously reported here, on October 3, 2023, the Federal Acquisition Regulatory Council (FAR Council) proposed a pair of major cybersecurity rules intended to implement key parts of President Biden’s May 2021...more
In what can best be described as a tsunami of cybersecurity regulation, the Federal Acquisition Regulation (FAR) Council—consisting of the Department of Defense (DoD), General Services Administration (GSA), and National...more
WHAT: The Federal Acquisition Regulatory Council (FAR Council) proposed a pair of major cybersecurity rules intended to implement key parts of President Biden’s May 2021 Executive Order No. 14028 on Improving the Nation’s...more
In response to a constantly-evolving cyber threat landscape, the Biden Administration recently announced the launch of a new cybersecurity labeling program – the U.S. Cyber Trust Mark program – in an effort to enhance...more
On February 7, 2023, the Department of Justice (DOJ) announced that settlements and judgments under the False Claims Act exceeded $2.2 billion during the 2022 fiscal year and that the government posted its second-highest...more
For just shy of a decade, the Defense Industrial Base (DIB) has had to operate under rules dictating the safeguarding of Controlled Unclassified Information, along with a strict 72-hour notification requirement if/when/should...more
What: Cleared Defense Contractors (CDCs) are being actively targeted by Russian state-sponsored cyber activity, according to a Joint Cybersecurity Advisory from the Federal Bureau of Investigation (FBI), National Security...more
On December 15, 2021, Congress passed the National Defense Authorization Act (NDAA or Act) for Fiscal Year (FY) 2022, which President Biden is expected to sign into law soon. As usual, the NDAA contains numerous provisions...more
The Department of Justice recently announced a new initiative that aims to hold government contractors accountable when they fail to meet required cybersecurity standards. In announcing the “Civil Cyber-Fraud Initiative” in...more
President Biden signed an executive order to bolster the federal government’s cybersecurity posture on May 12. The order focuses on implementing vital improvements to networks of federal departments and agencies, many of...more
The President’s new Executive Order on Improving the Nation’s Cybersecurity includes wide-ranging measures intended to strengthen security standards for the federal government and federal government contractors in response to...more
On Wednesday, the White House released a widely anticipated Executive Order on Improving the Nation’s Cybersecurity (EO). The EO addresses four major areas of cybersecurity maturity for the federal government and its private...more
On Wednesday, May 12, 2021, President Biden issued an ambitious and sweeping Executive Order focused on combating digital threats to US networks and infrastructure. The Executive Order on Improving the Nation’s Cybersecurity...more