Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
On April 8, the Office of the Comptroller of the Currency (OCC) officially notified Congress of a significant information security incident involving its email system. This notification, mandated by the Federal Information...more
The rule imposes substantial new diligence, reporting, cybersecurity, and auditing obligations on companies. On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued a final rule implementing Executive Order...more
The HHS Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying 946,801 people whose protected health information or other personally identifiable information...more
On April 4, 2024, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) officially published its Notice of Proposed Rulemaking (NPRM) detailing significant new cybersecurity...more
In 2025, new federal reporting requirements will require hundreds of thousands of organizations to report cyber incidents within hours of discovery to the United States Government, marking a significant impact on how...more
It’s Cybersecurity Awareness Month, and this year marks the 20th anniversary of the campaign. Introducing “Secure Our World” as the central theme, the Cybersecurity Infrastructure and Security Agency (CISA) is on a...more
On October 18, 2022, the Transportation Security Administration (TSA) issued Security Directive 1580-21-01A, intended to make the nation’s rail system more cyber secure by promoting lines of communication and improving...more
In March 2022, President Joseph Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which tasked the Cybersecurity and Infrastructure Security Agency (CISA) with developing and...more
Under the new law, critical infrastructure owners and operators will be required to report significant cyber incidents to the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA)...more
President Joe Biden signed the Strengthening American Cybersecurity Act into law on March 15. Among other requirements, companies that are “covered entities” must report data breaches promptly to federal regulators. For...more
On Tuesday, March 15, President Joe Biden signed into law a $1.5 trillion government funding bill that included new legislation mandating critical infrastructure owners and operators to report a substantial cyber-attack and...more
On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President...more
Under legislation signed into law today by President Joe Biden, certain companies will be required to report cyberattacks to the federal government within 72 hours, and ransomware payments within 24 hours. Within 24...more
A bipartisan group of 14 United States senators recently introduced proposed legislation that would require federal contractors and operators of critical infrastructure to disclose any cyber intrusion within 24 hours...more
The legislation would require all federal contractors to report potential and actual cybersecurity incidents to the Department of Homeland Security. The Act would impose a 24-hour reporting requirement on federal...more
Federal contractors face confusion and uncertainty over whether their companies and employees performing under federal contracts are exempted from the various restrictions in the recent state-issued “stay at home” orders...more