Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
The U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) recently announced the publication of three AI guidelines as well as its release of a software package aimed at helping organizations...more
On July 26, 2024, the National Institute for Standards and Technology (“NIST”), part of the Department of Commerce, released guidelines, a global engagement plan, and software covering various aspects of AI technology...more
Whether the game is football, baseball, hockey, or Indy Car racing, no team goes into their major championship matchup without training. Companies need to train as well if they intend to operate on the internet and expect to...more
In March 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released the final version of its secure software development self-attestation common form (Form), requiring federal government contractors who...more
The United States Department of Defense (“DoD”) recently published its Defense Industrial Base Cybersecurity Strategy 2024. For context, the DIB is comprised of more than 100,000 domestic and foreign companies or...more
WHAT: The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published the final version of its Secure Software Development Attestation Common Form (Common Form) and announced...more
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Office of Management and Budget (“OMB”) released the highly-anticipated Secure Software Development Attestation Form (also known as the...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional...more
On October 30, 2023, the US Securities and Exchange Commission ("SEC") announced that it filed charges against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer ("CISO") in connection...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
As we previously discussed, earlier this year the National Institute of Standards and Technology (NIST) launched the Trustworthy and Responsible AI Resource Center. Included in the AI Resource Center is NIST’s AI Risk...more
On June 9, 2023, OMB released additional guidance on the implementation of OMB Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practice, which requires that federal...more
As follow-on guidance to Office of Management and Budget’s (OMB) September 14, 2022 memo and the associated Executive Order on Improving the Nation’s Cybersecurity from May 2021, the Cybersecurity and Infrastructure Security...more
Hollywood is full of them. And unless you are trapped on the Planet of the Apes, caught on the 3:10 to Yuma, or running from Godzilla, you’ve probably seen a movie reboot or two over the past two decades. The term generally...more
On December 29, 2022, President Biden signed a new statute that will significantly impact medical device cybersecurity regulation. Section 3305 of the Consolidated Appropriations Act of 2023 (“Section 3305”) authorizes the...more
As part of the government’s move to “rebalance” responsibilities in cyber, described in the National Cybersecurity Strategy, the United States government on April 13 released a notable document in partnership with several...more
On March 2, 2023, the Biden Administration released its National Cybersecurity Strategy. The Strategy represents the latest push by the Administration to focus on cybersecurity concerns, following the release of Executive...more
Almost two years ago, Executive Order 14028 – Improving the Nation’s Cybersecurity (EO) was issued requiring a host of actions be taken by the Federal Acquisition Regulation (FAR) Council, the National Institute of Standards...more
Yesterday we continued our series... with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software...more
On September 14, 2022, the Office of Management and Budget (OMB) issued much-anticipated guidance on the implementation of Secure Software Development Framework (SSDF) requirements for contractors (The “Guidance Memo”)...more
Takeaway: Security labels on internet-connected devices are on the horizon for companies that manufacture and want to sell such devices worldwide. On October 19, 2022, 50 representatives from different industries including...more
Per Executive Order 14028, Improving the Nation’s Cybersecurity, the Office of Management and Budget (OMB) issued a memorandum on September 14, 2022 requiring federal agencies to only use software from software producers that...more
The OMB has issued memorandum M-22-18 with new security requirements (the "Rules") requiring federal agencies to ensure that all third-party software they use complies with secure software development standards and guidance...more
Companies providing software to the federal government need to be prepared to attest that their software is NIST (National Institute of Standards and Technology)-compliant within the coming year. On September 14, 2022, the...more