On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...
1/21/2025 / Compliance, Contractors, Controlled Unclassified Information (CUI), Cyber Incident Reporting, Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Data Protection, Federal Acquisition Regulations (FAR), Federal Contractors, Government Agencies, Incident Response Plans, NIST, Regulatory Agenda, Regulatory Requirements, Regulatory Standards, Risk Management, Subcontractors, Training
Virginia, a leader in technology and privacy related regulations, is methodically examining artificial intelligence legislation. In particular, significant legislation establishing a regulatory framework for high-risk...
12/19/2024 / Artificial Intelligence, Disclosure Requirements, Legislative Agendas, Machine Learning, New Legislation, Proposed Legislation, Regulatory Agenda, Regulatory Requirements, Risk Management, Technology Sector, Transparency, Virginia
The Time Is Now for Defense Contractors To Get Compliant.
If you work for a defense contractor or subcontractor responsible for handling controlled unclassified information (CUI) and/or federal contract information...
The United States Department of Defense (DoD) took another big step on the path to instituting its highly anticipated Cybersecurity Maturity Model Certification 2.0 program (CMMC 2.0). Once finalized, CMMC 2.0 will establish...
8/21/2024 / Certification Requirements, Comment Period, Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Defense Contracts, Defense Sector, Department of Defense (DOD), DFARS, Federal Acquisition Regulations (FAR), Federal Contractors, Proposed Rules, Subcontractors
The United States Department of Defense (“DoD”) recently published its Defense Industrial Base Cybersecurity Strategy 2024. For context, the DIB is comprised of more than 100,000 domestic and foreign companies or...
4/15/2024 / Cybersecurity, Cybersecurity Information Sharing Act (CISA), Cybersecurity Maturity Model Certification (CMMC), Defense Sector, Department of Defense (DOD), DFARS, Environmental Social & Governance (ESG), Information Technology, NIST, Risk Assessment, Sensitive Personal Information, Software
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...
3/28/2024 / Biden Administration, Comment Period, Critical Infrastructure Sectors, Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Preservation, Data Privacy, New Legislation, New Rules, Popular, Proposed Rules, Public Comment, Reporting Requirements
On March 12, 2024, the U.S. Department of Defense (DoD) published a final rule (pdf) that dramatically expands access to defense contractors seeking to join the DoD’s voluntary Defense Industrial Base Cybersecurity Program...
On March 13, 2024, the European Union’s parliament formally approved the EU AI Act (pdf), making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology. The EU...
3/14/2024 / Artificial Intelligence, Biometric Information, Disclosure Requirements, Endorsements, Enforcement, EU, Facial Recognition Technology, General Data Protection Regulation (GDPR), Governance Standards, Noncompliance, Penalties, Safeguards Rule, Transparency
In January 2024, Virginia Governor Glenn Youngkin announced and signed Executive Order 30 on Artificial Intelligence (EO 30), establishing “important safety standards to ensure the responsible, ethical, and transparent use of...
3/12/2024 / Applications, Architecture, Artificial Intelligence, Colleges, Data Protection, Disclaimers, Educational Institutions, Executive Orders, Legislative Agendas, NIST, Policies and Procedures, Public Schools, Risk Management, State and Local Government, State Legislatures, State Privacy Laws, Technology, Universities, Virginia
On February 28, 2024, U.S. President Joe Biden issued Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (EO), which authorizes...
3/5/2024 / Biden Administration, Cybersecurity, Data Brokers, Data Privacy, Department of Justice (DOJ), Executive Orders, International Data Transfers, New Regulations, Personal Data, Popular, Proposed Regulation, Regulatory Reform
The U.S. Department of Defense (DoD) released a proposed rule to implement its Cybersecurity Maturity Model Certification (CMMC) program, which would establish a comprehensive set of cybersecurity requirements applicable to...
3/1/2024 / Applications, Certifications, Contractors, Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Data Privacy, Department of Defense (DOD), Federal Contractors, Popular, Privacy Laws, Proposed Rules, Regulatory Requirements, Small Business, Subcontractors
For businesses subject to California Consumer Privacy Act (CCPA), privacy compliance just became urgent. A California appellate court agreed on February 9, 2024, with the California Privacy Protection Agency (CPPA) that there...
2/15/2024 / Audits, Automated Decision Systems (ADS), California, California Consumer Privacy Act (CCPA), California Privacy Protection Agency (CPPA), Cybersecurity, New Regulations, Regulatory Agenda, Regulatory Requirements, Risk Assessment, State Privacy Laws, Technology Sector
CISA’s Incident Response Guide outlines ways in which WWS owners and operators can engage with federal agencies to prepare for, mitigate, and respond to cyber incidents, including best practices for incident response and...
2/7/2024 / Best Practices, Critical Infrastructure Sectors, Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Privacy, Data Protection, Data Security, Department of Homeland Security (DHS), Energy Sector, Environmental Protection Agency (EPA), FBI, Incident Response Plans, Waste Treatment Facilities, Wastewater, Water
The updated data breach notification rules broaden the definition of what is considered a breach and expand the scope of who must be notified when a data breach occurs.
The Federal Communications Commission (FCC or...