Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
The U.S. District Court for the Southern District of New York on July 18, 2024, dismissed most of the SEC's landmark cyber enforcement litigation against SolarWinds Corp. (SolarWinds or the Company) and the Company's Chief...more
The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been a recent slew of legislative activity with respect to comprehensive AI...more
As promised in the U.S. Department of Health and Human Services (HHS) concept paper in December 2023, the agency published voluntary health care and public health cybersecurity performance goals (HPH CPGs) in January 2024 and...more
The Federal Communications Commission (FCC) recently approved a voluntary Internet of Things (IoT) Labeling Program, which allows manufacturers of IoT products to earn the FCC’s approval to display a “U.S. Cyber Trust Mark”...more
The Federal Communications Commission (FCC) has created a baseline for wireless consumer IoT products to protect against cybersecurity threats. The voluntary program uses criteria established by the National Institute of...more
NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more
The National Institute of Standards and Technology ("NIST") released a significant update to its framework, expanding its scope and reach to cover a broader audience and evolving cybersecurity risks and management issues....more
Welcome to this month's issue of The BR Privacy & Security Download, the digital newsletter of Blank Rome’s Privacy, Security & Data Protection practice....more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more
The National Institute of Science and Technology (NIST) has released NIST Cybersecurity Framework (2.0) (Framework 2.0). NIST released two earlier versions of the Framework for Improving Critical Infrastructure Cybersecurity...more
On February 26, 2024, the National Institute of Standards and Technology (NIST), an agency within the U.S. Department of Commerce, released Version 2.0 of its Cybersecurity Framework (CSF), the first major update since its...more
Trade secrets have become a de facto intellectual property right for securing valuable artificial intelligence information. Despite regulatory trends toward greater transparency of AI models, federal policy acknowledges,...more
Cybersecurity compliance, governance, and disclosure practices have evolved significantly over the past decade. As we have noted in prior blog posts, the U.S. Securities and Exchange Commission is requiring cybersecurity...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the long-awaited second version of the Cybersecurity Framework (CSF). Dubbed “CSF 2.0,” it contains a few significant changes...more
On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for...more
On February 22, 2024, the Federal Communications Commission (FCC or “Commission”) released a Public Draft of a Report and Order that, if adopted, would establish a voluntary labeling program for Internet of Things (IoT)...more
Crypto Firms Make Acquisitions, Integrate Products; New Crypto Index Launches - According to a recent press release, a major U.S. fintech company has announced an agreement to acquire a major digital asset custody provider....more
On February 16, 2024, the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a final version of the cybersecurity resource guide (the “Guide”) with respect to the HIPAA...more
NIST Publishes Report on the Cybersecurity of Genomic Data. On December 20, 2023, the NIST National Cybersecurity Center of Excellence (NCCoE) published Final NIST IR 8432, Cybersecurity of Genomic Data. Informed by direction...more
The American Hospital Association (AHA) has warned that information technology (IT) help desks are being targeted in a social engineering scheme that uses the stolen identity of revenue cycle employees or employees in other...more
Our Health Care and Privacy, Cyber & Data Strategy Groups delve into the Department of Health and Human Services’ extensive efforts to encourage health care organizations to better protect patients’ privacy through better...more
FCC Requests Comment on CPNI/SIM Change Authentication Item: In this Further Notice of Proposed Rulemaking (FNPRM), the Federal Communications Commission (FCC or Commission) seeks comment on whether to harmonize the existing...more
The Federal Trade Commission (“FTC”) highlights lessons learned on privacy, data security, truth in advertising, and artificial intelligence (“AI”) in new guidance drawing from recent enforcement actions involving genetic...more
As a lawyer working in a firm with a sophisticated legal team providing robust regulatory, government contract, and cybersecurity services, our Christmas present and holiday reading arrived early with the publication of the...more
The U.S. Department of Defense (DoD) has issued its long-awaited proposed rule implementing its Cybersecurity Maturity Model Certification (CMMC) program to protect sensitive, unclassified government information in the...more