WHAT: FedRAMP has announced that it will be working on a new framework for authorization and assessment of cloud services for federal consumption, calling the initiative “FedRAMP 20X” (announcement here). In response to...more
WHAT: Department of Defense (DOD) Secretary Pete Hegseth issued a memorandum titled “Directing Modern Software Acquisition to Maximize Lethality” that is intended to reform DOD’s procurement involving software development....more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
1/29/2025
/ Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
National Security ,
NIST ,
Regulatory Agenda ,
Regulatory Freeze ,
Regulatory Requirements ,
Risk Management
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
11/22/2024
/ Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Department of Defense (DOD) ,
DFARS ,
Disclosure Requirements ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
NIST ,
Risk Management ,
Software ,
Subcontractors ,
Supply Chain ,
TSA
WHAT: The U.S. Department of Defense (DOD) issued a proposed rule to implement Section 1655(a) and (c) of the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2019 (Pub. L. 115-232). The proposed rule would...more
11/21/2024
/ Cybersecurity ,
Defense Contracts ,
Department of Defense (DOD) ,
Disclosure Requirements ,
Electronic Data Transmissions ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
National Security ,
NDAA ,
Software ,
Supply Chain
WHAT: On October 15, 2024, the U.S. Department of Defense (DOD) published the final CMMC 2.0 Program rule. DOD’s final rule outlines the mechanisms that DOD will use to prescribe cybersecurity standards for safeguarding...more
WHAT: On October 15, 2024, the U.S. Department of Defense (DOD) will publish the final CMMC 2.0 Program rule. DOD’s final rule outlines the mechanisms that DOD will use to prescribe cybersecurity standards for safeguarding...more
Last week, the U.S. Department of Defense (DOD) published a proposed rule that would amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a statutory prohibition on DOD awarding contracts with...more
10/11/2024
/ Conflicts of Interest ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Foreign Entities ,
GAO ,
NAICS ,
National Security ,
NDAA ,
Office of Foreign Assets Control (OFAC) ,
PRC ,
Proposed Rules ,
U.S. Commerce Department ,
US Department of State
So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
8/15/2024
/ Compliance ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Federal Acquisition Regulations (FAR) ,
FedRAMP ,
General Services Administration (GSA) ,
Government Agencies ,
Information Technology ,
NIST ,
OMB ,
Software
In May 2024, the National Institute of Standards and Technology (NIST) published Special Publication 800-171 Rev 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and the accompanying...more
WHAT: On May 2, 2024, the U.S. Department of Defense (DOD) issued a Defense Federal Acquisition Regulation Supplement (DFARS) class deviation related to the cybersecurity standards required for covered contractor information...more
WHAT: The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published the final version of its Secure Software Development Attestation Common Form (Common Form) and announced...more
WHAT: On February 16, 2024, the U.S. Department of Defense (DOD) posted a 40-minute video overview of DOD’s proposed requirements for the Cybersecurity Maturity Model Certification (CMMC) program. The video is available here,...more
WHAT: The U.S. Department of Defense (DOD) has issued a proposed rule setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The proposed rule primarily...more
WHAT: The U.S. Department of Defense (DOD) has issued a proposed rule setting forth the requirements for its long-anticipated Cybersecurity Maturity Model Certification 2.0 (CMMC) program. The proposed rule primarily...more
WHAT: As we previously reported here, on October 3, 2023, the Federal Acquisition Regulatory Council (FAR Council) proposed a pair of major cybersecurity rules intended to implement key parts of President Biden’s May 2021...more
10/12/2023
/ Cloud Computing ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
DFARS ,
Executive Orders ,
FBI ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
Internet of Things ,
Software ,
Subcontractors
WHAT: The Federal Acquisition Regulatory Council (FAR Council) proposed a pair of major cybersecurity rules intended to implement key parts of President Biden’s May 2021 Executive Order No. 14028 on Improving the Nation’s...more
On June 21, 2023, the U.S. Department of Homeland Security (DHS) issued a final rule that revises the Homeland Security Acquisition Regulation (HSAR) to implement security and privacy measures for contractors to safeguard...more
On June 9, 2023, the Office of Management and Budget (OMB) issued a guidance memorandum, OMB M-23-16, that extends the timeline for agencies to begin collecting attestations for critical and non-critical software from...more
WHAT: On April 25, 2023, the United States Court of Appeals for the Federal Circuit issued a decision in Lockheed Martin Aeronautics Co. v. Secretary of the Air Force, No. 2022-1035, holding that the Contracting Officer’s...more
On April 27, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) issued a Notice of Agency Information Collection Activities to solicit public comments on a...more
WHAT: The U.S. Department of Defense (DOD) issued a final rule that requires contracting officers to consider Supplier Performance Risk System (SPRS) risk assessments when evaluating contractors’ proposals and quotes and when...more
On January 18, the New York Commission on Ethics and Lobbying in Government (COELIG) launched a new online ethics training. Previously, only Individual Lobbyists were required to complete training. Now, all Individual...more
WHAT: The Federal Acquisition Regulatory Council (FAR Council) issued a proposed rule requiring certain contractors to make representations regarding greenhouse gas (GHG) emissions and climate-related financial risk,...more
On May 4, Vermont enacted its first statutory Code of Ethics. The Code will take effect July 1, 2022, and applies to all public servants[1] in Vermont. The Code identifies baseline ethics rules regarding gifts to public...more