Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
As discussed in a previous post, in 2022, the Quantum Computing Cybersecurity Preparedness Act ordered an examination of federal administrative agencies' data cryptography to prepare for a future where quantum computing is...more
On May 2, 2024, the U.S. Department of Defense (DoD) issued an important class deviation that provides necessary relief for contractors endeavoring to comply with ever-changing cybersecurity requirements. The deviation...more
In March 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released the final version of its secure software development self-attestation common form (Form), requiring federal government contractors who...more
In what can best be described as a tsunami of cybersecurity regulation, the Federal Acquisition Regulation (FAR) Council—consisting of the Department of Defense (DoD), General Services Administration (GSA), and National...more
The Federal Acquisition Regulatory (FAR) Council on Oct. 3, 2023, issued two proposed rules to partially implement President Biden's Executive Order on Improving the Nation's Cybersecurity. The first proposed rule imposes...more
The National Institute of Standards and Technology (NIST) has released an initial public draft of NIST SP 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Compliance...more
Currently defense contractors who receive or create Controlled Unclassified Information (“CUI”) from or for the U.S. Department of Defense (“DoD”) are subject to several contract-based cybersecurity requirements, including...more
On September 14, 2022, the Office of Management and Budget (OMB) issued much-anticipated guidance on the implementation of Secure Software Development Framework (SSDF) requirements for contractors (The “Guidance Memo”)...more
Per Executive Order 14028, Improving the Nation’s Cybersecurity, the Office of Management and Budget (OMB) issued a memorandum on September 14, 2022 requiring federal agencies to only use software from software producers that...more
On July 19, 2022, the National Institute of Standards and Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback on improving its Controlled Unclassified Information (CUI) series of publications. The...more
What: Cleared Defense Contractors (CDCs) are being actively targeted by Russian state-sponsored cyber activity, according to a Joint Cybersecurity Advisory from the Federal Bureau of Investigation (FBI), National Security...more
The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October...more
On May 12, 2021, President Biden signed a sweeping Executive Order (EO) to protect federal government networks and software supply chains against increasing threats of attacks from malicious cyber actors, setting the stage...more
On May 12, 2021, President Joe Biden issued a comprehensive Executive Order (EO) on Improving the Nation's Cybersecurity that promises sweeping changes in federal contracts for information technology (IT), cloud services and...more
On Wednesday, May 12, 2021, President Biden issued an ambitious and sweeping Executive Order focused on combating digital threats to US networks and infrastructure. The Executive Order on Improving the Nation’s Cybersecurity...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
Standard, everyday appliances like dishwashers and ovens, and necessary devices such as lights and thermostats, are increasingly likely to be Wi-Fi enabled, allowing them to send and receive data. These objects are widely...more
Previously we reported on the Department of Defense (‘DoD”) efforts to develop a Cybersecurity Maturity Model Certification (“CMMC”) program to verify the status of contractor cybersecurity and compliance. The CMMC program...more
Through ADG Insights, we share with you the top legal and political issues affecting the aerospace, defense, and government services (ADG) industry. Our ADG industry team monitors the latest developments to help our clients...more
Under DFARS Clause 252.204-7012, certain government contractors that store, process or transmit technical information that is controlled under the International Traffic In Arms Regulations (“ITAR”) or the Export...more
The Department of Defense (DoD) released interim rules implementing provisions of the 2013 and 2015 National Defense Authorization Acts. The rules, released on Aug. 26, 2015, are effective immediately and establish the...more