The U.S. Department of Justice (“DOJ”) Data Security Program (“DSP”) 90-day enforcement grace period ended as of July 8, 2025. While the program became effective April 8, 2025, DOJ implemented a 90-day enforcement grace...more
Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...more
1/30/2025
/ Cloud Computing ,
Comment Period ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Data Security ,
Draft Guidance ,
Federal Contractors ,
FedRAMP ,
New Guidance ,
NIST ,
Regulatory Requirements ,
Risk Management
On January 8, 2025, the Department of Justice (“DOJ”) published its final rule addressing Executive Order (E.O.) 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data...more
1/30/2025
/ Artificial Intelligence ,
China ,
Compliance ,
Cybersecurity Information Sharing Act (CISA) ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
Enforcement ,
Export Controls ,
Final Rules ,
Information Technology ,
International Emergency Economic Powers Act (IEEPA) ,
National Security ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Risk Management ,
Technology Sector
As general interest and investment in AI has accelerated since the initial public launch of ChatGPT, so too has the U.S. federal government both increased its spending in the area and the speed with which it adopted...more
8/7/2024
/ Acquisitions ,
Artificial Intelligence ,
Bias ,
Bots ,
Cross-Border ,
Data Privacy ,
Government Agencies ,
Intellectual Property Protection ,
IP License ,
Machine Learning ,
Mergers ,
Patents ,
Policies and Procedures ,
Regulatory Requirements ,
Trade Secrets
On March 28, 2024, the Office of Management and Budget (“OMB”) issued Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (the “Memo”). This is the final version...more
4/30/2024
/ Artificial Intelligence ,
Data Privacy ,
Data Security ,
OMB ,
Policy Memorandums ,
Regulatory Agencies ,
Regulatory Agenda ,
Request For Information ,
Risk Assessment ,
Risk Management ,
Technology
The Biden Administration recently issued an Executive Order aimed at protecting American’s sensitive information and certain US Government data from threats posed by foreign actors. Of note is the Order’s focus on data...more
4/25/2024
/ Biden Administration ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Department of Justice (DOJ) ,
Executive Orders ,
Export Controls ,
National Security ,
Personal Data ,
Privacy Laws ,
Prohibited Transactions
ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
The federal government has continued its efforts to fulfill the requirements set forth in Executive Order 14028, Improving the Nation’s Cybersecurity. For companies that do business with the Federal government, beyond looking...more
1/25/2023
/ Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Information Sharing ,
Privacy Laws ,
Regulatory Requirements
Yesterday we continued our series... with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software...more
1/24/2023
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Acquisition Regulations (FAR) ,
Government Agencies ,
NIST ,
OMB ,
Popular ,
Software ,
Supply Chain
In this second in our series, we look at the long awaited update to NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” which is expected to be released in late spring...more
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity...more
1/12/2022
/ Artificial Intelligence ,
Auto-Dialed Calls ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CAN-SPAM Act ,
CARU ,
CDPA ,
Consumer Privacy Rights ,
COPPA ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Tracking ,
EU ,
FCC ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Machine Learning ,
Mobile Privacy ,
Ransomware ,
SCOTUS ,
TCPA
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-160, Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach,” and draft NIST...more
NIST has now finalized its guidance providing important information on selecting both security and privacy control baselines for the Federal Government. The guidance is available here: Special Publication 800-53B, Control...more
After many years of being in draft form, NIST recently released its final version of Revision 5 of Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations to address a need for a...more
NIST recently released the final public draft of SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (formerly Draft NIST SP...more
The Government remains intensely focused on how best to protect its Controlled Unclassified Information (CUI) once it is released to contractors. In a shift from its initial approach of “we will take the contractor’s word for...more
“Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government...more
5/23/2019
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Contractors ,
Government Agencies ,
Hackers ,
Information Security ,
Internet of Things ,
NIST ,
Proposed Legislation ,
Vendors
In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information. In addition to updated Department of Defense guidance and procedures for evaluating...more
4/30/2019
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
Information Security ,
Internet of Things ,
NIST ,
Policies and Procedures ,
Popular ,
Proposed Legislation ,
Risk Assessment ,
Sensitive Business Information ,
Vendors
The U.S. Government is increasingly taking the initiative to alert companies to the cybersecurity risks of certain foreign corporations. Whether by issuing binding directives on agencies, passing laws or promulgating...more