The past two presidential administrations have seen major shifts in U.S. trade policy impacting all aspect of the digital ecosystem, from trade in physical technology products to new initiatives limiting data flows. Join...more
WHAT: The U.S. Department of Defense (DOD) just published the second of two proposed rules setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The earlier...more
8/16/2024
/ Controlled Unclassified Information (CUI) ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Proposed Rules ,
Reporting Requirements
So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
8/15/2024
/ Compliance ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Federal Acquisition Regulations (FAR) ,
FedRAMP ,
General Services Administration (GSA) ,
Government Agencies ,
Information Technology ,
NIST ,
OMB ,
Software
Verizon released its Data Breach Investigations Report (DBIR) for 2024, an annual treat that highlights some trends companies should be aware of as they manage their cybersecurity programs and respond to and anticipate new...more
The proliferation of cybersecurity regulations has the White House and Congress calling for harmonization to streamline regulations, focus on reciprocity, and decrease compliance costs. Senator Gary Peters (D-MI), chair of...more
6/10/2024
/ Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
Federal Trade Commission (FTC) ,
Information Technology ,
NDAA ,
NIST ,
OMB ,
Regulatory Agenda
Companies, particularly those in “critical infrastructure” sectors, have seen a dramatic increase in cybersecurity regulatory requirements in just the past few years – and the White House is looking to move faster. At the...more
The Security and Exchange Commission (SEC) Director of the Division of Corporate Finance, Erik Gerding, released a statement on May 21, 2024 that may have regulated entities scratching their heads about compliance and the...more
WHAT: The Federal Acquisition Regulatory Council (FAR Council) issued an advanced notice of proposed rulemaking (ANPR) to implement parts of Section 5949 of the James M. Inhofe National Defense Authorization Act (NDAA) for...more
While the FCC is well-known for broadcast and telecom regulation, the Commission regulates broadly, reaching communications networks, the marketing and sale of electronic devices, space-based services, diverse grant and...more
5/13/2024
/ Broadband ,
Enforcement Actions ,
Enforcement Authority ,
FCC ,
Federal Communications Act ,
Federal Trade Commission (FTC) ,
Internet ,
Internet Service Providers (ISPs) ,
Investigations ,
State Attorneys General ,
Telecommunications ,
Title II ,
Webinars
On May 1, the Federal Communications Commission (FCC or Commission) released a draft Notice of Proposed Rulemaking (draft NPRM or Draft) regarding the Commission’s equipment authorization program. The bipartisan proposal –...more
WHAT: On May 2, 2024, the U.S. Department of Defense (DOD) issued a Defense Federal Acquisition Regulation Supplement (DFARS) class deviation related to the cybersecurity standards required for covered contractor information...more
On April 30, 2024 the White House updated the foundational U.S. government policy that defines critical infrastructure (CI) sectors and establishes a coordination structure within the federal government to support owners and...more
These days, cyber regulators are in a hurry. Commentators have observed, the “federal government is quietly directing a seismic shift in the economy” with new mandates. Ann Neuberger, Deputy National Security Advisor for...more
4/2/2024
/ ANSI ,
Cloud Service Providers (CSPs) ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Framework ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Homeland Security (DHS) ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Information Security Modernization Act (FISMA) ,
NIST ,
OSHA ,
Regulatory Agenda
The U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is publishing a proposed rule (Proposal or NPRM) that will require broad segments of industry to meet onerous and quick...more
4/1/2024
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Preservation ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Homeland Security (DHS) ,
Financial Services Industry ,
Food and Drug Administration (FDA) ,
Healthcare ,
ICANN ,
Information Technology ,
NPRM ,
Popular ,
Ransomware ,
Recordkeeping Requirements ,
Securities and Exchange Commission (SEC)
On March 5, 2024, the Department of Justice (DOJ) issued an Advance Notice of Proposed Rulemaking (ANPRM) regarding Access to Americans’ Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern. The...more
3/14/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Artificial Intelligence ,
Big Data ,
Cross-Border ,
Customer Proprietary Network Information (CPNI) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Framework ,
Data Transfers ,
Department of Justice (DOJ) ,
Executive Orders ,
Military Service Members ,
National Security ,
Popular ,
Sensitive Personal Information ,
USTR ,
WTO
On March 1, 2024, at the direction of President Biden, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) published an Advanced Notice of Proposed Rulemaking (ANPRM) seeking public comment on the proposed...more
3/11/2024
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Automotive Industry ,
Bureau of Industry and Security (BIS) ,
Connected Cars ,
Critical Infrastructure Sectors ,
Department of Justice (DOJ) ,
Executive Orders ,
Foreign Adversaries ,
Information and Communication Technology (ICT) ,
National Security ,
OEM ,
U.S. Commerce Department
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more
On February 28, 2024, the White House released a highly anticipated and far-reaching Executive Order (EO) that directs several new regulatory steps to limit the transfer of sensitive personal data outside of the United States...more
3/4/2024
/ Artificial Intelligence ,
Bureau of Industry and Security (BIS) ,
CFIUS ,
Consumer Financial Protection Bureau (CFPB) ,
Cross-Border Transactions ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Executive Orders ,
Mobile Apps ,
Office of Foreign Assets Control (OFAC) ,
Privacy Concerns ,
Secretary of Defense ,
Sensitive Personal Information ,
Smart Devices ,
Telecommunications ,
U.S. Commerce Department
States around the country have been enacting laws to regulate the internet in the name of children’s safety. Several of these regulatory schemes have been preliminarily enjoined because they burden free speech and raise other...more
On February 22, 2024, the Federal Communications Commission (FCC or “Commission”) released a Public Draft of a Report and Order that, if adopted, would establish a voluntary labeling program for Internet of Things (IoT)...more
2/26/2024
/ Consumer Product Safety Commission (CPSC) ,
Cybersecurity ,
FCC ,
Food and Drug Administration (FDA) ,
International Harmonization ,
Internet of Things ,
Labeling ,
National Security ,
NIST ,
NPRM ,
Popular ,
Product Labels
Federal regulators continue to target Artificial Intelligence (AI), using colorful rhetoric to signal skepticism and justify regulatory oversight. In recent remarks addressing the use of AI in financial markets, SEC Chairman...more
WHAT: On February 16, 2024, the U.S. Department of Defense (DOD) posted a 40-minute video overview of DOD’s proposed requirements for the Cybersecurity Maturity Model Certification (CMMC) program. The video is available here,...more
WHAT: Deputy Attorney General (DAG) Lisa O. Monaco delivered remarks at the University of Oxford in the United Kingdom on “the Promise and Perils of AI.” Her remarks focused on the U.S. Department of Justice’s (DOJ) use of...more
2/21/2024
/ Artificial Intelligence ,
Consumer Financial Protection Bureau (CFPB) ,
Corporate Counsel ,
Cyber Crimes ,
Cybersecurity ,
Department of Justice (DOJ) ,
Equal Employment Opportunity Commission (EEOC) ,
FCC ,
Federal Contractors ,
Federal Trade Commission (FTC) ,
OMB ,
Popular ,
White Collar Crimes
We continue to track developments affecting government contractor cybersecurity and supply chains, as the federal government churns out proposals and rules. Wiley’s supply chain, cyber, government contracts, and national...more
On Thursday, February 8, 2024, the FCC issued a Declaratory Ruling – by unanimous vote – to confirm that Telephone Consumer Protection Act (TCPA) rules apply to calls that use artificial intelligence (AI) technology to...more