Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - The Role of Managed Service Providers with Stuart Itkin
The When, Where, Why and How of CMMC with Fernando Machado
Podcast - The State of Contractor Cybersecurity with Katie Arrington
What Do the Newly Released CMMC 2.1 Documents Mean?
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
Cybersecurity for Government Contractors: Success Through Compliance Readiness
Torres Talks Trade Podcast- Episode 2- Cybersecurity, the Department of Defense, and the Private Sector/Government Contracting
Compliance Into The Weeds - Retreat on DoD Cybersecurity for Contractors
Cybersecurity and 889 Compliance in 2021: What Government Contractors Need to Know
Marti Arvin and Anthony Buenger on the CMMC Framework
COVID-19’s Impact on Cybersecurity – Don’t Let Your Data Privacy, Security and Regulatory Compliance Waver
Government Contracts Cyber Café Series: Documentation - Straight Talk About CMMC
CMMC Is Coming: Are You Ready?
Government Contracts Cyber Café: 2019 Wrap Up and Privacy, CMMC, and GRC in 2020
Government Contracts Cyber Café: Emerging Evolution of Cybersecurity Maturity Model Certification
The Department of Defense (DoD) recently issued a memo titled, "Implementing the Cybersecurity Maturity Model Certification (CMMC) Program: Guidance for Determining Appropriate CMMC Compliance Assessment Levels and Process...more
The wait is finally over! After more than 14 years of anticipation, the Federal Acquisition Regulation (“FAR”) Proposed Rule on Controlled Unclassified Information (“CUI”) was released on January 15, 2025 and comes as part of...more
On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...more
After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
Publications & Advisories - November 2024 – Kathleen Benway, Jennifer Everett, Alysa Austin, and Kristen Bartolotta published “Federal Trade Commission’s Updated Health Breach Notification Rule Is Now in Effect” in Employee...more
Merger and acquisition (M&A) activity is often the lifeblood of corporate growth. While whole treatises can be, and have been, written on cybersecurity and legal challenges during M&A activity, the following are a few key...more
Since 2016, the federal government has implemented numerous procurement regulations and associated contract clauses to address cybersecurity by requiring contractors to adopt various controls and standards to protect...more
On August 15, 2024, the Department of Defense (DOD) announced the much-anticipated Proposed Rule that would amend the Defense Federal Acquisition Regulation Supplement (DFARS) to include Cybersecurity Maturity Model...more
In May, the National Institute of Standards and Technology (NIST) issued updated recommendations for security controls for controlled unclassified information (CUI) that is processed, stored or transmitted by nonfederal...more
On May 14, 2024, the National Institute of Standards and Technology (NIST) dropped the third remix…er, revision…of its Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems...more
In this series of articles, we explore the different certification requirements of CMMC Levels 1, 2 and 3; the impact on contractors and external service providers; and proposed next steps... On December 26, 2023, the US...more
On December 26, 2023, the Department of Defense (“DoD”) belatedly gifted defense contractors and subcontractors a Proposed Rule on the Cybersecurity Maturity Model Certification (“CMMC”) Program. DoD also released eight CMMC...more
The U.S. Department of Defense released a special holiday treat for government contractors and subcontractors last week in the form of long-promised proposed regulations for its Cybersecurity Maturity Model Certification...more
Cybersecurity continues to be top of mind for federal and state policymakers. This advisory identifies and analyzes some major recent developments that present opportunities and challenges in the coming months for a broad...more
Hollywood is full of them. And unless you are trapped on the Planet of the Apes, caught on the 3:10 to Yuma, or running from Godzilla, you’ve probably seen a movie reboot or two over the past two decades. The term generally...more
The Biden Administration released its Fall 2022 regulatory agenda (Regulatory Agenda) on Jan. 4, 2023. In it, the administration outlined regulations aimed at cybersecurity requirements for government contractors, the...more
ACI’s 5th National Forum on FOCI is back IN PERSON this September! Don’t miss the only comprehensive, practical FOCI event of its kind. The Defense Counterintelligence Security Agency (DCSA) is heightening its scrutiny and...more
Last November, the U.S. Department of Defense (DOD) announced sweeping changes to the Cybersecurity Maturity Model Certification (CMMC) program in a new “version 2.0.” Although we are still awaiting the interim regulations,...more
On December 15, 2021, Congress passed the National Defense Authorization Act (NDAA or Act) for Fiscal Year (FY) 2022, which President Biden is expected to sign into law soon. As usual, the NDAA contains numerous provisions...more
2020 saw the implementation of several game-changing regulations for government contractors. None the least of these were related to DOD’s Cybersecurity Maturity Model Certification (CMMC) and Section 889 of the National...more
Our Privacy, Cyber & Data Strategy Team updates the slow progress of the Cybersecurity Maturity Model Certification and the slower progress of clearing assessment organizations that can actually certify contractors....more
People like to say that cybersecurity threats are constantly evolving. So perhaps it’s fitting that cybersecurity compliance is undergoing a significant evolution of its own this year, too. That evolution is the arrival of...more