So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
To dramatically scale up the Modernizing the Federal Risk and Authorization Management Program (FedRAMP) marketplace, the Office of Management and Budget (OMB) has completely rewritten FedRAMP’s vision, scope and governance...more
It’s been a hot summer so far but Federal Risk and Authorization Program (“FedRAMP”) is just starting to heat up. In June, FedRAMP (the Federal government’s program for security authorizations for cloud solutions) released...more
On January 26, 2024, the Federal Risk and Authorization Management Program (“FedRAMP”) published a draft Emerging Technology Prioritization Framework developed in response to President Biden’s Executive Order 14110 on Safe,...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
On December 21, 2023, the Department of Defense (DoD) issued a memorandum (Memo) providing guidance and clarification on the security and cyber incident management requirements applicable for the use of external Cloud Service...more
On October 27, 2023, the Office of Management and Budget (“OMB”) released a draft memorandum for public comment regarding Modernizing the Federal Risk and Authorization Management Program (“FedRAMP”) (the “Draft Memo”). The...more
Automation in the compliance arena is becoming increasingly ubiquitous. Yet many of the most significant innovations for automation are not found in the anti-bribery/anti-corruption space but in adjacent spaces. That message...more
The Federal Risk and Authorization Management Program (FedRAMP) Program Management Office recently released a revised version of its Obligations and Compliance Standards document for third party assessors – the organizations...more
The Project Management Office (PMO) for the Federal Risk and Authorization Management Program (FedRAMP) has issued an updated version of FedRAMP's 3PAO Obligations and Performance Standards (3PAO Standards), which sets forth...more
To conclude our series of cybersecurity areas to focus on in 2023 for those who do business with the Federal government, we look at the FedRAMP and StateRAMP developments from 2022...more
Since its inception in 2011, the Federal Risk and Authorization Management Program (FedRAMP) has sought to facilitate adoption of secure cloud computing services by federal government agencies. A newly enacted law, the...more
Inflation relief for defense contractors, a ban on procurement of products and services containing certain Chinese semiconductors, and codification of the Federal Risk and Authorization Management Program (FedRAMP) governing...more
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October...more
On March 15, 2021, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which will require critical infrastructure owners and operators (among other things) to report...more
On March 1st, the United States Senate passed a historic cybersecurity bill with bipartisan and unanimous support. This bill impacts operators of federal infrastructure and federal civilian agencies. The Strengthening...more
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13,...more
Although the Connecticut legislature was not successful in passing a privacy law similar to those passed in California, Colorado and Virginia, on June 24, 2021, the “Act Incentivizing The Adoption Of Cybersecurity Standards...more
The President’s new Executive Order on Improving the Nation’s Cybersecurity includes wide-ranging measures intended to strengthen security standards for the federal government and federal government contractors in response to...more
On May 12, 2021, President Joe Biden issued a wide ranging Executive Order “On Improving the Nation’s Cybersecurity,” which was in the works after the SolarWinds cyberattack and arrived soon after a ransomware attack on the...more
As the COVID-19 pandemic and social distancing enforced remote work only accelerated the move to the cloud for many organizations, it should come as no surprise that the use of cloud-based solutions continues to be on the...more
While all companies should be concerned with their cybersecurity posture, companies in the aerospace, defense, and government services (ADG) industry are potentially subject to greater risks due to the industry's highly...more
Cloud computing is ubiquitous in the federal market place. Many federal contractors either provide cloud computing services to the government or use cloud computing services when performing a federal contract. For cloud...more