Companies in virtually every critical infrastructure sector have to navigate the maze of duplicative, inconsistent, and fragmented cybersecurity regulations imposed by federal and state governments. For example, as we have...more
8/8/2025
/ Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Government Agencies ,
Legislative Agendas ,
New Legislation ,
OMB ,
Proposed Legislation ,
Proposed Rules ,
Regulatory Reform ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Securities and Exchange Commission (SEC)
President Trump issued a cybersecurity Executive Order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity” (Trump EO), along with a corresponding Fact Sheet on June 6, 2025. The Trump EO clears some of the...more
6/16/2025
/ Artificial Intelligence ,
Biden Administration ,
China ,
Cloud Computing ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Executive Orders ,
Federal Contractors ,
FedRAMP ,
Government Agencies ,
Internet of Things ,
National Security ,
National Security Agency (NSA) ,
NIST ,
OMB ,
Popular ,
Regulatory Reform ,
Software ,
Supply Chain ,
Trump Administration
Continuing its efforts under Chairman Brendan Carr’s leadership to safeguard United States communications infrastructure from foreign threats, the Federal Communications Commission (FCC or Commission) adopted an Order and...more
6/5/2025
/ Bureau of Industry and Security (BIS) ,
China ,
Department of Defense (DOD) ,
Enforcement Actions ,
FCC ,
Foreign Adversaries ,
Government Agencies ,
National Security ,
Proposed Rules ,
Recordkeeping Requirements ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Suppliers ,
Supply Chain ,
Telecommunications
As we noted in Federal Cybersecurity Policy in 2025: What to Watch in Changing Times, key parts of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), the United States’ foundational cybersecurity information...more
So far, 2024 has been another very busy year for U.S. cybersecurity regulation. Among the top priorities has been software security, as we previewed early this year. Companies that sell software to the federal government or...more
8/15/2024
/ Compliance ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Federal Acquisition Regulations (FAR) ,
FedRAMP ,
General Services Administration (GSA) ,
Government Agencies ,
Information Technology ,
NIST ,
OMB ,
Software
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more