Daniel Alvarado on Data Security

FedRAMP 20x – Update on Significant Change Process and Assessment Scope Standards

Last month, the federal government announced a major overhaul of the Federal Risk and Authorization Management Program (“FedRAMP”) called “FedRAMP 20x”. FedRAMP 20x is moving forward fast – with new authorizations, community...more

5/5/2025 / Cloud Computing , Comment Period , Data Security , FedRAMP , Government Agencies , New Guidance , Regulatory Reform , Regulatory Standards , Risk Management , Software

FedRAMP Releases New Draft Authorization Boundary Guidance

Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...more

1/30/2025 / Cloud Computing , Comment Period , Compliance , Cybersecurity , Data Privacy , Data Security , Draft Guidance , Federal Contractors , FedRAMP , New Guidance , NIST , Regulatory Requirements , Risk Management

Better Safe Than Sorry: OMB Releases Memorandum on Managing AI Risks in the Federal Government

On March 28, 2024, the Office of Management and Budget (“OMB”) issued Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (the “Memo”). This is the final version...more

4/30/2024 / Artificial Intelligence , Data Privacy , Data Security , OMB , Policy Memorandums , Regulatory Agencies , Regulatory Agenda , Request For Information , Risk Assessment , Risk Management , Technology

Governmental Practice Cybersecurity and Data Protection - 2023 Recap & 2024 Forecast Alert

To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more

2/12/2024 / Artificial Intelligence , Cloud Computing , Cybersecurity , Data Protection , Data Security , Department of Defense (DOD) , Enforcement , Federal Acquisition Regulations (FAR) , FedRAMP , Software

Governmental Practice Cybersecurity and Data Protection: 2023 Recap & 2024 Forecast Alert

To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more

2/9/2024 / Cloud Computing , Cybersecurity , Cybersecurity Maturity Model Certification (CMMC) , Data Protection , Data Rights , Data Security , Department of Defense (DOD) , Enforcement Actions , Federal Contractors , FedRAMP , Fraud , Privacy Laws , Software

Seeking HoNIST Opinions, Part II – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices and...

The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October...more

11/11/2021 / Biden Administration , Cybersecurity , Data Security , Executive Orders , Federal Contractors , Government Agencies , Information Technology , NIST , Risk Management , Software , Supply Chain , Technology

Double Time – NIST Seeks Comments on Major Revision to Practices for Developing Cyber-Resilient Systems (SP 800-160) and Assessing...

The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-160, Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach,” and draft NIST...more

8/31/2021 / Critical Infrastructure Sectors , Cyber Attacks , Cybersecurity , Cybersecurity Framework , Data Privacy , Data Protection , Data Security , Internet of Things , NIST

Daniel Alvarado

Sheppard Mullin Richter & Hampton LLP

Popular Topics by This Author

Latest Posts › Data Security