Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
Open models play a crucial role in fostering a diverse and innovative AI ecosystem. But their irrevocable accessibility also presents challenges for preventing downstream misuse—and that has caught the government’s attention....more
To keep you informed of recent activities, below are several of the most significant federal and state events that have influenced the Consumer Financial Services industry over the past week...more
The National Institute of Standards and Technology (NIST) released for public comment a “Draft Interagency Guidance Framework for Considering the Exercise of March In-Rights” (“March-In Framework”) on December 8, 2023...more
FCC Requests Comment on CPNI/SIM Change Authentication Item: In this Further Notice of Proposed Rulemaking (FNPRM), the Federal Communications Commission (FCC or Commission) seeks comment on whether to harmonize the existing...more
The Biden-Harris Administration recently announced various actions to lower healthcare and prescription drug costs. In one action, the National Institute of Standards and Technology (NIST) released in December 2023 a draft...more
Key Areas for Comment in the Request for Information - Developing guidelines, standards, and best practices for AI safety and security. Developing a companion resource to the Risk Management Framework for generative...more
Under the University and Small Business Patent Procedures Act of 1980 (35 U.S.C. §§ 200-212), commonly referred to as the Bayh-Dole Act, the federal government can exercise “march-in” authority in certain circumstances to...more
On December 19, 2023, the U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) issued a Request for Information (“RFI”) regarding responsibilities set forth in the Executive Order on the Safe,...more
On December 8, 2023, the National Institute of Standards and Technology (NIST) published a draft guidance document regarding the government’s exercise of “march-in” rights under the Bayh-Dole Act. The Bayh-Dole march-in...more
FCC Seeks Comment on Safeguarding and Securing the Open Internet: In this Notice of Proposed Rulemaking (NPRM), the Federal Communications Commission (FCC or Commission) proposes to reinstate the open Internet rules the...more
On November 6, 2023 I submitted a response to the public comments which can be found here. I have also included my comments in full on this blog in a series of posts including the below. The only change in my submission is...more
The National Institute of Standards and Technology (NIST) recently unveiled a proposed update to its Cybersecurity Framework, which was originally developed to provide information security guidelines for “critical...more
As follow-on guidance to Office of Management and Budget’s (OMB) September 14, 2022 memo and the associated Executive Order on Improving the Nation’s Cybersecurity from May 2021, the Cybersecurity and Infrastructure Security...more
On May 10, the National Institute of Standards and Technology (NIST) released its initial public draft of SP 800-171, Revision 3, a set of updated guidelines aimed at helping organizations better handle confidential...more
The HHS Office for Civil Rights is requesting comments about HIPAA covered entities’ and business associates’ implementation of “recognized security practices” and payments to “harmed individuals” from funds the agency...more
Public comments on updating the National Institute of Standards and Technology’s (NIST), the Framework for Improving Critical Infrastructure Cybersecurity (CSF), highlight private and public sector interest in this core...more
The US Department of Health Human Services (HHS) is seeking public comments about the appropriate role of “recognized security practices” in enforcement of the HIPAA Security Rule. Congress, through an amendment to the HITECH...more
On April 6, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking public comment on "recognized security practices" and on sharing civil...more
I. Background for The Withdrawal from the 2013 Policy Statement - In December 2018, former Assistant Attorney General for Antitrust Makan Delrahim announced DOJ’s withdrawal from the 2013 Statement....more
Key Wireless Deadlines- FCC Seeks Comment on Expanding Commercial Use of the 70/80/90 GHz Bands: The Federal Communications Commission (FCC or Commission) requests reply comments, via Public Notice, by January 3 to...more
On December 20, 2021, The National Institute of Standards and Technology (NIST) released its draft interagency report 8403 on “Blockchain for Access Control Systems”. As the report’s abstract states:...more
The National Institute of Standards and Technology (NIST) issued a request for public comment to help guide the development of the current and future state of technology in eight emerging technology areas. Those areas include...more
On November 17, 2021, the U.S. Department of Defense (DOD) published an Advanced Notice of Proposed Rulemaking (ANPRM) previewing significant changes to its Cybersecurity Maturity Model Certification (CMMC) program.1 The...more
Consumer software providers will soon have the option to label their software as compliant with National Institute of Standards and Technology (NIST) standards for software security. On November 1, 2021, NIST published its...more
FCC Seeks Public Comment on the Current and Future Regulation of the “Internet of Things” - The FCC is requesting public comment in a proceeding that will help determine the scope and nature of regulation of the “Internet of...more