Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
The maritime industry has become a prime target for hackers. In the last few years, it has seen a steep increase in the number of shipping-related cyberattacks. The recent surge marks a new and pressing challenge for ports...more
In light of recent cyberattacks targeting the federal government and United States supply chains, President Biden’s administration has released an Executive Order (the “Order”) in an attempt to modernize and enhance the...more
We have now reached the 180-day mark since the White House Executive Order (EO) on the Safe, Secure and Trustworthy Development of AI and we are seeing a flurry of mandated actions being completed. See here for a summary of...more
The Cybersecurity and Infrastructure Agency (CISA) is seeking comment on a proposed rule to implement reporting requirements for critical infrastructure entities, including health care entities, on cyberattacks and ransomware...more
On February 26, 2024, the National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce, released Version 2.0 of its Cybersecurity Framework (CSF), the first major update since its...more
On May 24, 2023, Microsoft announced the detection of a direct threat to critical infrastructure organizations in Guam and elsewhere in the United States. The alert attributed observed malicious activity to a state-sponsored...more
On October 30, 2023, the Biden administration released a far-reaching executive order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The EO issues directives related to the use...more
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance with eight underlying principles. The order, while directed to government agencies, will impact businesses as well. In particular,...more
The US government continues to refine its influential cybersecurity guidance, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), with a substantial update to the CSF expected later this...more
Yesterday we continued our series... with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software...more
SEC Requests Comment on Incident Reporting NPRM for Certain Filings Affected by Technical Glitch: On October 18, the Securities and Exchange Commission (SEC) published a Notice announcing it has re-opened for 14 days the...more
The National Institute of Standards and Technology (NIST) is seeking comments to improve its Cybersecurity Framework, “Framework for Improving Critical Infrastructure Cybersecurity” (Request for Information available here)....more
It has become increasingly clear that improving cybersecurity will be a main focus, and important goal, of the Biden-Harris administration. In May 2021, President Joseph Biden issued an executive order modernizing federal...more
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-160, Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach,” and draft NIST...more
In the last several weeks, the Executive and Legislative branches of the United States federal government have taken bipartisan measures to defend the country’s infrastructure from the critical national security threat posed...more
On July 28, 2021, President Biden issued a “National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems” (the “ICS Memo”). The ICS Memo—a product of the 100-day cybersecurity initiative...more
There have been a number of significant legal and policy developments recently related to data and cybersecurity. Some of the most important are...more
On December 4, 2020 the President signed into law the IoT Cybersecurity Improvement Act of 2020, Pub. L. No. 116-207 (the “IoT Act”). The legislative purpose behind the new law is to ensure the highest level of cybersecurity...more
The Department of Defense (DOD) and its component services and agencies are taking several independent steps to assess and enhance their cyber and supply chain security that will directly or indirectly affect DOD contractors...more
Manufacturers of wireless devices used for Internet of Things (IoT) applications should take heed of new Trump Administration proposals aimed at reducing the cybersecurity threats from botnets and other automated and...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
In this month's Privacy & Cybersecurity Update, we review an 11th Circuit case involving the longstanding battle between the FTC and medical company LabMD, recent NIST guidelines for securing devices connected to the...more
In 2013 alone, the U.S. Department of Homeland Security (DHS) and its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to more than 256 cyber-incident reports—more than half of them in the energy...more