On April 1, 2024, the FAR Council published a new Final Rule that establishes FAR Part 40 – but without any new provisions of substance. This Final Rule becomes effective on May 1, 2024. Subsequently, the FAR Council...more
On March 28, 2024, the Office of Management and Budget (“OMB”) issued Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (the “Memo”). This is the final version...more
4/30/2024
/ Artificial Intelligence ,
Data Privacy ,
Data Security ,
OMB ,
Policy Memorandums ,
Regulatory Agencies ,
Regulatory Agenda ,
Request For Information ,
Risk Assessment ,
Risk Management ,
Technology
The Biden Administration recently issued an Executive Order aimed at protecting American’s sensitive information and certain US Government data from threats posed by foreign actors. Of note is the Order’s focus on data...more
4/25/2024
/ Biden Administration ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Department of Justice (DOJ) ,
Executive Orders ,
Export Controls ,
National Security ,
Personal Data ,
Privacy Laws ,
Prohibited Transactions
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released its new Proposed Rule pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which was published in the...more
4/9/2024
/ Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Defense (DOD) ,
Federal Contractors ,
Information Technology ,
New Regulations ,
Regulatory Agenda ,
Regulatory Reform ,
Reporting Requirements ,
Rulemaking Process ,
Supply Chain
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Office of Management and Budget (“OMB”) released the highly-anticipated Secure Software Development Attestation Form (also known as the...more
Class Deviation Prohibits DoD from Requiring Contractors to Disclose Emissions -
Over the past two years, the FAR Council has been working to develop a rule that would amend the Federal Acquisition Regulation (“FAR”) to...more
3/28/2024
/ Climate Change ,
Contractors ,
Department of Defense (DOD) ,
Disclosure Requirements ,
Environmental Social & Governance (ESG) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Greenhouse Gas Emissions ,
NDAA ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
In its first major overhaul since 2014, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF) on February 26, 2024. The updated 27-page CSF version 2.0 builds on version 1.1 and...more
On January 26, 2024, the Federal Risk and Authorization Management Program (“FedRAMP”) published a draft Emerging Technology Prioritization Framework developed in response to President Biden’s Executive Order 14110 on Safe,...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
2/9/2024
/ Cloud Computing ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Data Rights ,
Data Security ,
Department of Defense (DOD) ,
Enforcement Actions ,
Federal Contractors ,
FedRAMP ,
Fraud ,
Privacy Laws ,
Software
ARTIFICIAL INTELLIGENCE -
What is the Privacy Impact of the White House AI Order for Businesses? Posted November 28, 2023
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance...more
2/7/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Privacy Rights ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Healthcare ,
Legislative Agendas ,
New Legislation ,
New Regulations ,
Online Safety for Children ,
Privacy Acts ,
Privacy Laws ,
State and Local Government ,
State Privacy Laws
The Department of Defense published a much-anticipated Proposed Rule at the end of last year for its Cybersecurity Maturity Model Certification program. The proposed rule is our first comprehensive look at the latest...more
On November 30, 2023, the Inspector General of the Department of Defense (“DoD IG”) released a Special Report: Common Cybersecurity Weaknesses Related to the Protection of DoD Controlled Unclassified Information on Contractor...more
On December 12, 2023, the Department of Justice (“DOJ”) issued guidance related to the process by which companies may request the United States Attorney General authorize delays of cyber incident disclosures, pursuant to a...more
1/22/2024
/ Banking Sector ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
National Security ,
New Guidance ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturity Model Certification (“CMMC”)...more
1/3/2024
/ Certification Requirements ,
Comment Period ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
DCMA ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Proposed Rules
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional...more
On October 27, 2023, the Office of Management and Budget (“OMB”) released a draft memorandum for public comment regarding Modernizing the Federal Risk and Authorization Management Program (“FedRAMP”) (the “Draft Memo”). The...more
On October 5, 2023, the FAR Council released an Interim Rule on “Implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders.” The Interim Rule implements requirements from Section 202 of the Federal...more
On October 3, 2023, the FAR Council released two long-awaited proposed rules for federal contractor cybersecurity stemming from the Biden Administration’s Cybersecurity Executive Order from May 2021 (Executive Order 14028)....more
10/5/2023
/ Biden Administration ,
Comment Period ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Protection ,
Data Security ,
Executive Orders ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
OMB ,
Popular ,
Proposed Rules ,
Public Comment ,
Regulatory Agenda ,
Software ,
Technology Sector
A few weeks ago, we discussed two recent cyber-related False Claims Act (FCA) cases. One of those cases is a qui tam lawsuit against Penn State and, as of the date of our article, we were waiting to see if DOJ would opt to...more
In recent weeks, there has been an uptick in news of cyber-related False Claims Act (“FCA”) activity. For example, on September 1, 2023, the court unsealed a qui tam lawsuit against Penn State University relating to...more
9/12/2023
/ Compliance ,
Compliance Monitoring ,
Controlled Defense Information (CDI) ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
DFARS ,
Enforcement ,
False Claims Act (FCA) ,
Federal Contractors ,
Internal Investigations ,
Policies and Procedures ,
Popular ,
Qui Tam ,
Universities ,
Whistleblowers
In response to a constantly-evolving cyber threat landscape, the Biden Administration recently announced the launch of a new cybersecurity labeling program – the U.S. Cyber Trust Mark program – in an effort to enhance...more
8/4/2023
/ Connected Items ,
Consumer Privacy Rights ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Collection ,
Data Security ,
Federal Contractors ,
Internet of Things ,
New Legislation ,
NIST ,
Personal Data ,
Personally Identifiable Information ,
Privacy Concerns ,
Privacy Laws ,
Smart Devices ,
Technology Sector
On July 18, 2023, the Biden Administration announced the launch of the long-awaited cybersecurity labeling program, called the “U.S. Cyber Trust Mark,” aimed at providing consumers with a better understanding of the...more
8/2/2023
/ Biden Administration ,
Cybersecurity ,
Data Security ,
FCC ,
Internet of Things ,
Internet Retailers ,
Labeling ,
NIST ,
Notice of Proposed Rulemaking (NOPR) ,
Online Marketplace ,
Popular ,
Regulatory Agenda ,
Telecommunications ,
Wireless Technology
The National Institute of Standards and Technology is updating the security standards that govern the protection of sensitive government information. NIST recently released an initial public draft for comment. The document...more
On June 9, 2023, OMB released additional guidance on the implementation of OMB Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practice, which requires that federal...more