The National Institute of Standards and Technology (NIST) has released an initial public draft of NIST SP 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Compliance...more
The Cybersecurity and Infrastructure Security Agency (CISA) is seeking public comment on the secure software development common self-attestation form to be completed by software producers that sell software to the federal...more
While you were asking ChatGPT to create a 3-course menu for the upcoming book club you’re hosting or to explain the Rule Against Perpetuities, several federal government agencies announced initiatives related to the use of...more
5/1/2023
/ Artificial Intelligence ,
Automated Systems ,
Bots ,
Consumer Financial Protection Bureau (CFPB) ,
Copyright ,
Department of Justice (DOJ) ,
Equal Employment Opportunity Commission (EEOC) ,
Federal Trade Commission (FTC) ,
Infringement ,
Machine Learning ,
NIST ,
Open Source Software ,
Patents ,
Rule Against Perpetuities ,
Technology Sector
The Federal Risk and Authorization Management Program (FedRAMP) Program Management Office recently released a revised version of its Obligations and Compliance Standards document for third party assessors – the organizations...more
In the first installment of our cybersecurity series, we discussed the importance of developing and implementing practical Information Security policies and procedures within your organization as well as the ethical and legal...more
On March 2, 2023, the Biden Administration released its National Cybersecurity Strategy. The Strategy represents the latest push by the Administration to focus on cybersecurity concerns, following the release of Executive...more
Over the past few months, the OIG shorts series focused on structuring and implementing a comprehensive and effective ethics and compliance program. Many times, this requires a mindset shift from a checking-the-box mentality...more
2/2/2023
/ C-Suite Executives ,
Compliance ,
Corporate Culture ,
Corporate Governance ,
Cybersecurity ,
Data Protection ,
Data Security ,
Ethics ,
Incident Response Plans ,
Integrity Policies ,
OIG ,
Policies and Procedures ,
Risk Management ,
Risk Mitigation ,
Training
To conclude our series of cybersecurity areas to focus on in 2023 for those who do business with the Federal government, we look at the FedRAMP and StateRAMP developments from 2022...more
The federal government has continued its efforts to fulfill the requirements set forth in Executive Order 14028, Improving the Nation’s Cybersecurity. For companies that do business with the Federal government, beyond looking...more
1/25/2023
/ Cyber Incident Reporting ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Information Sharing ,
Privacy Laws ,
Regulatory Requirements
Yesterday we continued our series... with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software...more
1/24/2023
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Acquisition Regulations (FAR) ,
Government Agencies ,
NIST ,
OMB ,
Popular ,
Software ,
Supply Chain
In this second in our series, we look at the long awaited update to NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” which is expected to be released in late spring...more
As we get settled into the New Year it is a good time to reflect on your company’s current data security and plans for 2023. In this five-part series, we reflect on the top important cybersecurity developments for companies...more
On November 14, 2022, the Department of Defense (DoD), General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) published a proposed rule that would amend the Federal Acquisition...more
11/30/2022
/ Biden Administration ,
Climate Change ,
Contractors ,
Department of Defense (DOD) ,
Disclosure Requirements ,
Energy Sector ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
General Services Administration (GSA) ,
Greenhouse Gas Emissions ,
Proposed Regulation ,
Proposed Rules
The White House recently hosted a group of industry and government partners to discuss the development and implementation of an Internet of Things (IoT) labeling program. This program would develop a common label to help...more
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October...more
Per Executive Order 14028, Improving the Nation’s Cybersecurity, the Office of Management and Budget (OMB) issued a memorandum on September 14, 2022 requiring federal agencies to only use software from software producers that...more
9/29/2022
/ Contract Solicitation ,
Cybersecurity ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
NIST ,
OMB ,
Software ,
Supply Chain ,
Third-Party
The Cybersecurity and Infrastructure Security Agency (CISA) is seeking input on various aspects of proposed incident reporting regulations under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (discussed...more
On July 19, 2022, the National Institute of Standards and Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback on improving its Controlled Unclassified Information (CUI) series of publications. The...more
Anyone who has been closely following the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program knows the effort has experienced a fair number of complications and delays...more
The Department of Defense recently provided some clarity on the timeline for implementation of its Cybersecurity Maturity Model Certification (CMMC) program. The DoD now expects to complete documentation to submit to the...more
The Federal Acquisition Regulatory Council (the “FAR Council”) currently is considering amendments to the Federal Acquisition Regulation (“FAR”) that would elevate the consideration of climate-related risks in Federal...more
The rise of blockchain, metaverse and Web3 technologies has lead to rapid adoption across all sectors of the economy. The government sector is no exception. Perhaps one of the most compelling examples is the recent...more
President Biden recently signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as a part of a larger omnibus appropriations bill. The new law sets out mandatory reporting requirements for...more
3/29/2022
/ Covered Entities ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Security ,
Joe Biden ,
New Legislation ,
Popular ,
Privacy Laws ,
Proposed Rules ,
Reporting Requirements ,
Rulemaking Process
NIST recently released several key deliverables relating to cybersecurity. These focus on secure software development and new consumer labeling programs as contemplated by President Biden’s Executive Order 14028, which seeks...more
The National Institute of Standards and Technology (NIST) is seeking comments to improve its Cybersecurity Framework, “Framework for Improving Critical Infrastructure Cybersecurity” (Request for Information available here)....more