Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed...more
On April 3, NIST published practical incident response guidance aligned with its CSF 2.0 framework. The guidance outlines best practices in security incident preparation and response for organizations mapped across each of...more
Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...more
The New York Department of Financial Services (DFS) has issued guidance, in the form of an industry letter, on addressing cybersecurity risks arising from artificial intelligence (AI) under its cybersecurity regulation, 23...more
The U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) recently announced the publication of three AI guidelines as well as its release of a software package aimed at helping organizations...more
On July 26, 2024, the National Institute for Standards and Technology (“NIST”), part of the Department of Commerce, released guidelines, a global engagement plan, and software covering various aspects of AI technology...more
Aerospace, defense, and security businesses are subject to a myriad of regulations and operational requirements that are constantly changing. These include things like SBA rules for credit for small businesses and...more
Welcome to the latest edition of Updata! Updata is an international report produced by Eversheds Sutherland’s dedicated Privacy and Cybersecurity team – it provides you with a compilation of key privacy and cybersecurity...more
On March 8, the Department of Health and Human Services (HHS) released a cybersecurity implementation guide to assist public and private health care sectors prevent cybersecurity incidents. The Cybersecurity Framework...more
On January 26, 2023, the U.S. National Institute of Standards and Technology (NIST) released the Artificial Intelligence (AI) Risk Management Framework (AI Risk Management Framework 1.0), a voluntary guidance document for...more
Without question, healthcare providers and the companies that support them operate in an elevated cybersecurity risk environment. And when a cybersecurity incident occurs, the ensuing regulatory inquiries and/or...more
CYBERSECURITY NIST - Releases Guidance on Supply Chain Security - The National Institute of Standards and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain...more
The National Institutes of Science and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President...more
NIST recently released several key deliverables relating to cybersecurity. These focus on secure software development and new consumer labeling programs as contemplated by President Biden’s Executive Order 14028, which seeks...more
The National Institute of Standards and Technology (NIST) recently published “A Proposal for Identifying and Managing Bias in Artificial Intelligence,” a special publication that is part of a series of documents and workshops...more
New guidance is available for remote patient monitoring (RPM) companies on cybersecurity and privacy compliance. The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and...more
More prevalent than ever before, Internet of Things (“IOT”) devices, a term that includes connected “smart” devices, such as internet connected TVs, wearables, smart speakers, such as the Amazon Echo and Google Home, are fast...more
Is this a Start of Something New for Third-Party Management? The demand for responsible cybersecurity in business is ubiquitous. The need to protect information is not limited to the financial services, insurance and...more
Taking over as editors of Holland & Knight’s Government Contracts Blog has been a labor, but it has been a labor of love. Like the rest of the Government Contracts Team, we are passionate about staying on top of the latest...more
• In recently released guidance, the U.S. Department of Defense (DoD) confirms a "one size does not fit all" approach to contractor compliance with its cybersecurity clauses that cover the safeguarding of contractor networks,...more
Smart machines connected to the internet have become ubiquitous in our daily lives. They make up the Internet of Things (“IoT”), a vast web of interconnected iPhones and Fitbits, tablets and cameras, even baby monitors and...more
All enterprises are struggling with the security risks posed by the use of mobile devices by employees. Companies want their employees to have easy access to information so that they can perform their job functions in an...more
The Department of Justice (DOJ) recently announced the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum. Financial institutions and other companies should consider...more
Organizations are preparing for data incidents and breaches by developing, updating, implementing, and testing incident response plans. This article provides a checklist of key components of an incident response plan. ...more
Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response. The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches. The...more