Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
As discussed in a previous post, in 2022, the Quantum Computing Cybersecurity Preparedness Act ordered an examination of federal administrative agencies' data cryptography to prepare for a future where quantum computing is...more
The Order marks an ambitious effort to stand up a whole-of-government approach to encouraging the benefits and managing the risks of artificial intelligence, with many of its most significant private-sector implications...more
This first part of a two-part series on U.S. regulation of artificial intelligence systems provides an overview and modern context for the existing regulatory, legal and risk management landscape for AI systems in the U.S.,...more
Following the release of President Biden’s National Cybersecurity Strategy, Acting National Cyber Director Kemba Walden explained that the Biden Administration is “expecting more” from owners and operators in critical...more
NIST continues to work on several cybersecurity and privacy workstreams of interest to the private sector. While NIST has traditionally supported federal agencies’ IT security, over the past several years it has taken on (and...more
On May 12, President Biden signed an Executive Order on Improving the Nation’s Cybersecurity. The order comes on the heels of a number of recent widely reported cybersecurity crises, including the Solar Winds and Microsoft...more
Companies providing information technology products and services to U.S. government agencies are now required to notify such agencies of cyber incidents and meet specific cybersecurity standards. The executive order attempts...more
On Wednesday, the White House released a widely anticipated Executive Order on Improving the Nation’s Cybersecurity (EO). The EO addresses four major areas of cybersecurity maturity for the federal government and its private...more
The National Institute of Standards and Technology (NIST) has been an active driver of Internet of Things (IoT) cybersecurity efforts for several years, convening stakeholders from the federal government and the private...more
Last month, the Department of Homeland Security’s (DHS), Cybersecurity and Infrastructure Security Agency (CISA), issued a comprehensive Insider Threat Mitigation Guide to help organizations establish or enhance insider...more
NIST’s news draft guidance, Special Publication 800-53B, Control Baselines for Information Systems and Organizations, provides important information on selecting both security and privacy control baselines for the Federal...more
In recent weeks and months, legal and technical issues related to use of facial recognition systems in the United States have received national attention, including concerns that the technology lacks accuracy in identifying...more
Organizations of all types are increasingly subject to data theft and loss, whether the asset is customer information, intellectual property, or sensitive company files. The federal government and, thus, its private...more
New technologies enhance the capabilities and efficiency of the energy industry. But these technologies also bring increasing cyber risks to the industry, the economy, and national security. Recognizing that critical energy...more
Congress has enacted a recent wave of legislation to address ongoing cybersecurity threats; the Executive Branch, on May 12, 2016, adopted new cybersecurity regulations; and other Federal initiatives are underway and will...more
On December 28, 2015, the Ministry of Industry and Information Technology of China (the MIIT) released the newly revised Classification Catalogue of Telecommunications Services (2015 Catalogue) and the new Catalogue is due to...more
An interagency working group led by The National Institute of Standards and Technology (NIST) and The Department of Commerce recently published a draft report (the “Report”) recommending that the U.S. government increase its...more
The National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (Framework) almost 15 months ago and charged critical infrastructure companies within the United States to improve their...more
The White House, on February 10, 2015, announced the creation of a new federal agency, the Cyber Threat and Intelligence Integration Center (“CTIIC” or the “Center”), to combat cyber-threats by coordinating digital...more