Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
On January 15, 2025, the Federal Acquisition Regulatory Council (FAR Council) proposed two significant rule changes that could reshape compliance obligations for government contractors: one establishing standardized...more
NIST’s “quick-start guide” is designed to assist acquirers as they evaluate the various risks across their network of suppliers, focusing on supply chain tiers, foreign ownership, control or influence (FOCI), provenance,...more
To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week...more
FCC Requests Comment on CPNI/SIM Change Authentication Item: In this Further Notice of Proposed Rulemaking (FNPRM), the Federal Communications Commission (FCC or Commission) seeks comment on whether to harmonize the existing...more
FCC Seeks Comment on Safeguarding and Securing the Open Internet: In this Notice of Proposed Rulemaking (NPRM), the Federal Communications Commission (FCC or Commission) proposes to reinstate the open Internet rules the...more
The National Institute of Standards and Technology (NIST) recently unveiled a proposed update to its Cybersecurity Framework, which was originally developed to provide information security guidelines for “critical...more
As follow-on guidance to the Office of Management and Budget’s (OMB) September 14, 2022 memo and the associated Executive Order on Improving the Nation’s Cybersecurity from May 2021, the Cybersecurity and Infrastructure Security...more
On May 10, the National Institute of Standards and Technology (NIST) released its initial public draft of SP 800-171, Revision 3, a set of updated guidelines aimed at helping organizations better handle confidential...more
Public comments on updating the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (CSF) highlight private and public sector interest in this core...more
The US Department of Health and Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more
The National Institute of Standards and Technology (NIST) issued a request for public comment to help guide the development of the current and future state of technology in eight emerging technology areas. Those areas include...more
On November 17, 2021, the U.S. Department of Defense (DOD) published an Advance Notice of Proposed Rulemaking (ANPRM) previewing significant changes to its Cybersecurity Maturity Model Certification (CMMC) program. The...more
Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology (NIST) standards for software security. On November 1, 2021, NIST published its...more
FCC Seeks Public Comment on the Current and Future Regulation of the “Internet of Things” - The FCC is requesting public comment in a proceeding that will help determine the scope and nature of regulation of the “Internet of...more
Last month, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) released draft guidance to implement a Zero Trust cybersecurity policy government-wide. OMB and CISA are seeking...more
Key Wireless Deadlines - FCC Requests Comment on a Petition for Reconsideration of 2016 Updates to the Lifeline Program: The Federal Communications Commission (FCC or Commission) requests comment via a Public Notice to...more
Report on Patient Privacy 20, no. 2 (February 2020) - The year is still young, but the federal government has announced a potentially far-reaching privacy effort that should catch HIPAA compliance officers’ attention. And...more
On January 7, 2019, the federal Office of Management and Budget (OMB) released a draft of a memorandum setting forth guidance to assist federal agencies in developing regulatory and non-regulatory approaches regarding...more
For Cybersecurity and Privacy, “What Are the Industry Standards? Are We Meeting Them?” These are questions the FTC Chairman, Joseph Simons, strongly suggested a CEO must ask before a data breach occurs to avoid the...more
In a release aptly labeled “A Starting Point for IoT Device Manufacturers,” the National Institute of Standards and Technology (NIST), an arm of the Department of Commerce, recently added to the discussion with the...more
FTC Seeks Comment on Proposed Amendments to Safeguards and Privacy Rules - The FTC is seeking comment on proposed changes to the Safeguards Rule and the Privacy Rule under the Gramm-Leach-Bliley Act. The Safeguards Rule...more
The Food & Drug Administration has recently released for comment a draft expansion of guidance regarding Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. Although the FDA issued existing...more
Welcome to October! October 2018 marks the 15th year of the observance of National Cyber Security Awareness Month, a joint effort of the U.S. Department of Homeland Security and the National Cyber Security Awareness Alliance....more
Newly published draft DoD Guidance for Reviewing System Security Plans (SSP) and the “NIST SP 800-171 Security Requirements Not Yet Implemented” answer some questions but may also result in an increased protest docket due to...more
Is this a Start of Something New for Third-Party Management? The demand for responsible cybersecurity in business is ubiquitous. The need to protect information is not limited to the financial services, insurance and...more