Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
As a lawyer working in a firm with a sophisticated legal team providing robust regulatory, government contract, and cybersecurity services, our Christmas present and holiday reading arrived early with the publication of the...more
The U.S. Department of Defense (DoD) has issued its long-awaited proposed rule implementing its Cybersecurity Maturity Model Certification (CMMC) program to protect sensitive, unclassified government information in the...more
The U.S. Department of Defense released a special holiday treat for government contractors and subcontractors last week in the form of long-promised proposed regulations for its Cybersecurity Maturity Model Certification...more
2023 has been a big year for AI with the landmark Executive Order for Safe, Secure, and Trustworthy Artificial Intelligence (EO) adding to the already busy and dynamic AI landscape. Issued less than two months ago, the EO has...more
On October 30, 2023, the Biden administration issued its long-awaited artificial intelligence (AI) executive order (EO), which issues directives to over 20 federal agencies, with the deadline for implementation spanning...more
In what can best be described as a tsunami of cybersecurity regulation, the Federal Acquisition Regulation (FAR) Council—consisting of the Department of Defense (DoD), General Services Administration (GSA), and National...more
This first part of a two-part series on U.S. regulation of artificial intelligence systems provides an overview and modern context for the existing regulatory, legal and risk management landscape for AI systems in the U.S.,...more
Each month, Venable's Government Contracts Group publishes a summary of recent legal developments of interest to the government contractor community. President Signs Fiscal Responsibility Act Suspending Debt Ceiling: The...more
On December 29, 2022, President Biden signed a new statute that will significantly impact medical device cybersecurity regulation. Section 3305 of the Consolidated Appropriations Act of 2023 (“Section 3305”) authorizes the...more
On March 2, 2023, the White House Office of the National Cyber Director (ONCD) released the National Cybersecurity Strategy (“Strategy”). The Strategy outlines the Administration’s priorities for cyber regulations and policy....more
Designed for busy in-house counsel and compliance professionals, this newsletter seeks to bring you up to speed on key federal and state False Claims Act (FCA) developments, with links to primary resources. Each quarter, we...more
In 2020, Congress passed the National Artificial Intelligence Initiative Act (NAIIA) to strengthen Artificial Intelligence (AI) advances and innovations across multiple sectors by providing investments to National AI Research...more
This article is the third and final installment in a series of articles about how lawyers can better serve their clients by involving themselves in cybersecurity planning at an early stage. Just like Return of the Jedi was...more
This is not a blog post about the CMMC. The blogosphere is saturated with CMMC content, and the longer the program stretches into indefiniteness, the more content is delivered to an audience drowning it out....more
While the DoD charts a path forward on CMMC, the USG is emphasizing the need to comply with existing cyber obligations in government contracts and taking steps to enforce compliance with those obligations. The June 16 Memo...more
Takeaway: The DOJ’s Cyber Fraud Initiative and qui tam actions under the False Claims Act represent signification enforcement mechanisms for cybersecurity contractor compliance. On the eve of 2022, the United States began...more
The U.S. Department of Defense (DoD) recently released a memorandum signaling its increasing willingness to review contractor compliance with cybersecurity standards in its contracts and take action against noncompliant...more
A seven-year long False Claims Act suit comes to an end after Aerojet Rocketdyne reaches a $9 million settlement agreement for its alleged false certification of compliance with cybersecurity requirements. In the settlement...more
On February 22, 2022, the U.S. Department of Defense (DoD) Office of Inspector General (OIG) issued a report centered on ten academic and research institutions that develop military technologies. The OIG report focused on...more
Last November, the U.S. Department of Defense (DOD) announced sweeping changes to the Cybersecurity Maturity Model Certification (CMMC) program in a new “version 2.0.” Although we are still awaiting the interim regulations,...more
What: Cleared Defense Contractors (CDCs) are being actively targeted by Russian state-sponsored cyber activity, according to a Joint Cybersecurity Advisory from the Federal Bureau of Investigation (FBI), National Security...more
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0),1 for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...more
On November 4, 2021, the Department of Defense (DoD) announced significant changes to the strategic direction of the Cybersecurity Maturity Model Certification (CMMC) program. Specifically, DoD stated that the goal of these...more
After months of review, on November 4, 2021, the Department of Defense (DoD) finally unveiled its new version of the Cybersecurity Maturity Model Certification (CMMC 2.0). Well, almost. In a blink-and-you’ll-miss-it moment,...more
WHAT: On November 4, 2021, the U.S. Department of Defense (DOD) announced the completion of a months-long internal review and significant changes to the strategic direction of its Cybersecurity Maturity Model Certification...more