Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
The FAR Council issued a proposed rule that would amend the several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more
Earlier this year, the FAR Council issued a proposed rule to implement the Controlled Unclassified Information (CUI) Program as it relates to federal contracts. The proposed rule is "just one element of a larger strategy to...more
Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...more
On January 16, 2025, President Biden issued Executive Order 14144 on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (the “EO”). Building on prior initiatives such as Executive Order 14028 and the...more
In this episode, Wiley partners Gary Ward, Tracye Howard, and Craig Smith examine the ongoing developments related to implementation of the Cybersecurity Maturity Model Certification (CMMC) program. They discuss the current...more
The National Institute of Standards and Technology released an updated version of its Cybersecurity Framework, CSF 2.0. earlier this week. The CSF, initially launched in 2014, is a tool developed by NIST to help private...more
On May 10, the National Institute of Standards and Technology (NIST) released its initial public draft of SP 800-171, Revision 3, a set of updated guidelines aimed at helping organizations better handle confidential...more
Legislative Update - Defense Federal Acquisition Regulation Supplement: Use of Supplier Performance Risk System (SPRS) Assessments (DFARS Case 2019–D009) DoD issued a final rule amending the DFARS to update the policy...more
Almost two years ago, Executive Order 14028 – Improving the Nation’s Cybersecurity (EO) was issued requiring a host of actions be taken by the Federal Acquisition Regulation (FAR) Council, the National Institute of Standards...more
Currently defense contractors who receive or create Controlled Unclassified Information (“CUI”) from or for the U.S. Department of Defense (“DoD”) are subject to several contract-based cybersecurity requirements, including...more
On June 16, 2022, the Department of Defense (DoD) issued a memorandum to its contracting officers emphasizing their obligation to monitor compliance by DoD contractors with the cybersecurity requirements of their contracts....more
People like to say that cybersecurity threats are constantly evolving. So perhaps it’s fitting that cybersecurity compliance is undergoing a significant evolution of its own this year, too. That evolution is the arrival of...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the New York Department of Financial Services' issuance of the first-ever cyber insurance risk guidance framework, the Eleventh Circuit's ruling...more
After many years of being in draft form, NIST recently released its final version of Revision 5 of Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations to address a need for a...more
NIST recently released the final public draft of SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (formerly Draft NIST SP...more
The Department of Defense (DoD) Inspector General recently issued a report summarizing the findings of an audit into the protection of Controlled Unclassified Information (CUI) on contractor networks. Based on an in-depth...more
On a limited budget, government contractors need to be compliant with a litany of statutes, regulations, and industry standards in order to remain competitive in the marketplace. This has become particularly true in the...more
The Government remains intensely focused on how best to protect its Controlled Unclassified Information (CUI) once it is released to contractors. In a shift from its initial approach of “we will take the contractor’s word for...more
“Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government...more
In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information. In addition to updated Department of Defense guidance and procedures for evaluating...more
The Department of Defense (DOD) and its component services and agencies are taking several independent steps to assess and enhance their cyber and supply chain security that will directly or indirectly affect DOD contractors...more
Is Controlled Unclassified Information Out of Control? The OMB apparently thinks so. On August 11, 2015, the Obama administration, through the Office of Management and Budget (OMB), which is the largest office within the...more
On August 26, 2015, the Department of Defense (DoD) published a long-awaited Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to require “rapid” reporting of “cyber incidents” that result in...more