Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
Encryption is one of several cornerstones of a robust information security program. Articles on quantum computing often include the compelling narrative that encryption is at risk, but as with any revolutionary technology,...more
Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....more
In a striking move at the end of March, the U.S. Department of Justice (“DOJ”) announced a $4.6 million settlement with MORSE Corp Inc. (“MORSE”), a defense contractor based in Cambridge, Massachusetts, for falsely certifying...more
While some areas of white-collar enforcement have been deprioritized by the Trump Administration, the Department of Justice (DOJ) remains committed to its Civil Cyber-Fraud Initiative as demonstrated by two recent False...more
Quantum computing (QC) is poised to disrupt cybersecurity in ways that business leaders and legal professionals cannot afford to ignore. But what exactly is quantum computing, why does it pose such a significant threat to...more
For community associations, this is especially important as these organizations often manage large amounts of PII of homeowners and residents (e.g., name, address, phone number, etc.), including certain categories of...more
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
Organizations seeking to improve their cybersecurity posture in 2025 must assess what happens after an incident has occurred, and how an incident response team will be able to mobilize to respond. This article provides...more
The maritime industry has become a prime target for hackers. In the last few years, it has seen a steep increase in the number of shipping-related cyberattacks. The recent surge marks a new and pressing challenge for ports...more
FCC Solicits Comment on Amending Accessibility Rules for IVCS: In this Further Notice of Proposed Rulemaking (FNPRM) the Federal Communications Commission (FCC or Commission) requests further comment on whether to amend its...more
The Department of Justice’s (DOJ) final rule implements President Biden’s Executive Order 14117 of February 28, 2024, on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more
On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more
Earlier this year, the FAR Council issued a proposed rule to implement the Controlled Unclassified Information (CUI) Program as it relates to federal contracts. The proposed rule is "just one element of a larger strategy to...more
2024 was another active year in cybersecurity, with high-profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
On January 15, 2025, the Federal Acquisition Regulatory Council (FAR Council) proposed two significant rule changes that could reshape compliance obligations for government contractors: one establishing standardized...more
In his final days in office, President Biden signed an ambitious executive order to improve the federal government's approach to cybersecurity. Executive Order 14114 ("Executive Order"), issued January 16, 2025, titled...more
The HIPAA Security Rule was originally promulgated over 20 years ago. While it historically provided an important regulatory floor for securing electronic protected health information, the Security Rule’s lack of...more
The White House has introduced the Cyber Trust Mark program, a voluntary labeling initiative to help consumers easily identify secure Internet of Things (IoT) devices....more
The wait is finally over! After more than 14 years of anticipation, the Federal Acquisition Regulation (“FAR”) Proposed Rule on Controlled Unclassified Information (“CUI”) was released on January 15, 2025 and comes as part of...more
Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
This year’s Data Privacy Week theme is “take control of your data.” That can be really challenging to do. Data is collected from everywhere—whether online or offline—and can be stored and used indefinitely (even if the...more
Former President Joe Biden issued an Executive Order (EO) entitled “Strengthening and Promoting Innovation in the Nation’s Cybersecurity” on January 16, 2025. The EO is designed to...more
On January 16, 2025, former President Biden issued the Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (the EO). The EO directs various parts of the federal government to adopt a...more
Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration has...more