Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
On April 14, 2025, the National Institute of Standards and Technology (NIST) released a draft update to the NIST Privacy Framework 1.1. The updates are meant to enhance organizations’ data governance and risk management and...more
In 2023, an Australian mayor was getting ready to take legal action against OpenAI. The reason? The company’s chatbot, ChatGPT, shared a fake story about him being involved in a bribery scandal. ...more
Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....more
The Department of Justice (DOJ) recently reached a $4.6 million civil False Claims Act (FCA) settlement with MORSECORP, Inc. (MORSE) arising out of allegations that the company failed to comply with Department of Defense...more
In a striking move at the end of March, the U.S. Department of Justice (“DOJ”) announced a $4.6 million settlement with MORSE Corp Inc. (“MORSE”), a defense contractor based in Cambridge, Massachusetts, for falsely certifying...more
While some areas of white-collar enforcement have been deprioritized by the Trump Administration, the Department of Justice (DOJ) remains committed to its Civil Cyber-Fraud Initiative as demonstrated by two recent False...more
On April 3, NIST published practical incident response guidance aligned with its CSF 2.0 framework. The guidance outlines best practices in security incident preparation and response for organizations mapped across each of...more
On March 26, 2025, the Department of Justice (DOJ) entered into a settlement agreement with MORSECORP, Inc. (MORSE), resolving False Claims Act (FCA) allegations that MORSE submitted false claims for payment under Department...more
A recent United States Department of Justice (DOJ) announcement reinforces that enforcement of cybersecurity requirements under the False Claims Act (FCA) remains an ongoing risk. According to the press release, defense...more
Amid ongoing policy shifts in Washington, the federal government’s interest in pursuing civil cyber-fraud cases appears to be here to stay. In October 2021, the Department of Justice (DOJ) initiated its Civil Cyber-Fraud...more
Quantum computing (QC) is poised to disrupt cybersecurity in ways that business leaders and legal professionals cannot afford to ignore. But what exactly is quantum computing, why does it pose such a significant threat to...more
On March 18, the US Court of Appeals for the DC Circuit ruled that an AI model cannot be the author of copyrighted material under existing copyright law. The court affirmed the US Copyright Office’s long-standing human...more
For community associations, this is especially important as these organizations often manage large amounts of PII of homeowners and residents (e.g., name, address, phone number, etc.), including certain categories of...more
Cyber incidents such as the 2024 event involving Change Healthcare, which compromised the personal information of over 100 million people, highlight the evolving nature of cyber threats – increasingly becoming risk management...more
The integration of artificial intelligence (AI) tools in healthcare is revolutionizing the industry, bringing efficiencies to the practice of medicine and benefits to patients. However, the negotiation of third-party AI tools...more
Members of the health care and financial industries, along with other industries that hold sensitive data, are warned that a ChatGPT vulnerability is being actively exploited by threat actors to attack security flaws in AI...more
Federal contractors, including defense contractors, should prepare for the emergence of new requirements in the coming months that are designed to strengthen software supply chain security, impose more stringent cybersecurity...more
Organizations seeking to improve their cybersecurity posture in 2025 must assess what happens after an incident has occurred, and how an incident response team will be able to mobilize to respond. This article provides...more
The maritime industry has become a prime target for hackers. In the last few years, it has seen a steep increase in the number of shipping-related cyberattacks. The recent surge marks a new and pressing challenge for ports...more
Virginia has become the first state in 2025 to pass comprehensive artificial intelligence regulation, with lawmakers approving the "High-Risk Artificial Intelligence Developer and Deployer Act" (HB 2094). The legislation,...more
FCC Solicits Comment on Amending Accessibility Rules for IVCS: In this Further Notice of Proposed Rulemaking (FNPRM) the Federal Communications Commission (FCC or Commission) requests further comment on whether to amend its...more
Accountability is a pervasive AI principle. But how to put it into practice? Accountability is a pervasive AI principle. But how to put it into practice? If you’re reading this note, you likely already know three things:...more
To help you stay on top of the latest news, our AI practice group has compiled a roundup of the developments we are following....more
The Department of Justice’s (DOJ) final rule implements President Biden’s Executive Order 14117 of February 28, 2024, on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more
The FAR Council issued a proposed rule that would amend the several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more