Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
During the Biden administration, there was a push to prioritize and modernize cybersecurity responses, and the National Institute of Standards and Technology (NIST) agreed to work with the technology industry to develop a new...more
Government contractors regularly handle sensitive federal data, and cybersecurity compliance is no longer optional—it’s mandatory. A recent settlement between the Department of Justice (DOJ) and defense contractor Raytheon...more
Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more
Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....more
While some areas of white-collar enforcement have been deprioritized by the Trump Administration, the Department of Justice (DOJ) remains committed to its Civil Cyber-Fraud Initiative as demonstrated by two recent False...more
FCC Solicits Comment on Amending Accessibility Rules for IVCS: In this Further Notice of Proposed Rulemaking (FNPRM) the Federal Communications Commission (FCC or Commission) requests further comment on whether to amend its...more
On November 22, 2024, Engineers and Geoscientists British Columbia (EGBC) released Use of Artificial Intelligence (AI) in Professional Practice, a practice advisory for EGBC registrants that provides guidelines on the use of...more
On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more
Earlier this year, the FAR Council issued a proposed rule to implement the Controlled Unclassified Information (CUI) Program as it relates to federal contracts. The proposed rule is "just one element of a larger strategy to...more
Advancements in artificial intelligence (AI) continue to reshape the financial services industry, with the growing popularity of generative Al (GenAl) tools prompting increased attention from US regulators. At the end of...more
Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
In this post in our series on basic cybersecurity concepts for lawyers (see here and here for prior posts), we delve into the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, which is a...more
We have now reached the 180-day mark since the White House Executive Order (EO) on the Safe, Secure and Trustworthy Development of AI and we are seeing a flurry of mandated actions being completed. See here for a summary of...more
On February 26, 2024, the National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce, released Version 2.0 of its Cybersecurity Framework (CSF), the first major update since its...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
On October 30, 2023, the Biden administration released a far-reaching executive order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The EO issues directives related to the use...more
On Oct. 30, 2023, the president issued an Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. The 117-page order includes a range of directives, many of which are aimed at...more