After many years of being in draft form, NIST recently released its final version of Revision 5 of Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations to address a need for a...
Congress recently advanced legislation that directs the National Institute of Standards and Technology (NIST) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and...
At long last, the Department of Defense (“DoD”) has provided its interim rule, published in the Federal Register on September 29, 2020, amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to set forth...
On September 10, 2020, the General Services Administration (“GSA”) hosted a webinar related to its implementation of Section 889 of the 2019 NDAA – the ban relating to certain Chinese telecom companies – and associated...
NIST’s new draft guidance, Special Publication 800-53B, Control Baselines for Information Systems and Organizations, provides important information on selecting both security and privacy control baselines for the Federal...
NIST recently released the final public draft of SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (formerly Draft NIST SP...
On July 14, 2020 the Department of Defense (“DoD”), General Services Administration (“GSA”), and the National Aeronautics and Space Administration (“NASA”) published an Interim Rule amending the Federal Acquisition Regulation...
7/15/2020 / China, Department of Defense (DOD), Federal Acquisition Regulations (FAR), Federal Contractors, General Services Administration (GSA), Interim Rule, NASA, NDAA, Supply Chain, Technology Sector, Telecommunications
As a part of its Cybersecurity for IoT Program, NIST recently released two publications with the goal of providing cybersecurity guidance and best practices specific for companies manufacturing IoT devices. These publications...
A lot has happened since the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (CMMC) v. 1.0 back in February (see our prior discussion here). In addition to developments with the CMMC...
To further assist the contractor community with the effects of the unprecedented Coronavirus Disease 2019 (COVID-19), the U.S. Department of Defense (DoD) issued on April 8, 2020 a Class Deviation authorizing contracting...
Last week the White House issued two additional Executive Orders (“EOs”) related to EO 13909, the subject of our March 20, 2020 blog post: Presidential Executive Order Calls on HHS to Issue Priority Contracts and Allocate...
On March 18, 2020, the President issued an Executive Order on Prioritizing and Allocating Health and Medical Resources to Respond to the Spread of COVID-19 (the “EO”). The EO was issued pursuant to the Defense Production Act...
Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year. In an effort to enhance supply chain security, the CMMC sets forth unified cybersecurity...
In response to widespread interest in allowing more small business participation in opportunities involving cloud computing, the Small Business Administration (“SBA”) has decided to exclude cloud computing from the limitation...
At the end of 2019, the Department of Defense (“DoD”) took another step to limit the potential cyber risks posed by telecommunications equipment manufactured by Chinese companies (and potentially Russian ones too). We...
1/31/2020 / China, Comment Period, Cybersecurity, Defense Sector, Department of Defense (DOD), DFARS, Federal Acquisition Regulations (FAR), Federal Contractors, Huawei, Interim Rule, NDAA, System For Award Management (SAM), Telecommunications, ZTE
As you probably know, we have been following very closely developments relating to Section 889 of the 2019 National Defense Authorization Act (NDAA), which prohibits executive agencies from purchasing restricted products and...
The Department of Homeland Security Cybersecurity & Infrastructure Security Agency recently released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting...
On September 9, 2019, the U.S. General Services Administration (“GSA”) announced it would be issuing a mass modification (expected sometime this month) requiring all new and existing GSA Multiple Award Schedule (“MAS”)...
We recently wrote about the FAR Council’s release of an interim rule implementing restrictions on procurements involving certain Chinese telecommunications hardware manufacturers and service providers, such as Huawei and ZTE....
In accordance with Section 889(a)(1)(A) of the 2019 National Defense Authorization Act (Pub. L. No. 115-232) (the “2019 NDAA”), which required imposition of broad restrictions on procurements involving certain Chinese...
8/14/2019 / China, Department of Defense (DOD), Federal Acquisition Regulations (FAR), Federal Contractors, Huawei, Interim Rule, NDAA, Reporting Requirements, Supply Chain, Telecommunications, US Trade Policies
The Government remains intensely focused on how best to protect its Controlled Unclassified Information (CUI) once it is released to contractors. In a shift from its initial approach of “we will take the contractor’s word for...
In an era of trade wars, espionage, and executive orders, how can companies who wish to dive into government procurement or are already involved in procurement abide by Federal laws and data security regulations and increase...
“Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government...
5/23/2019 / Cybersecurity, Data Collection, Data Privacy, Data Protection, Data Security, Federal Contractors, Government Agencies, Hackers, Information Security, Internet of Things, NIST, Proposed Legislation, Vendors
On May 15, 2019, President Trump issued an Executive Order (“EO”) targeting activities of certain foreign telecommunications companies based in hostile countries. Entitled “Securing the Information and Communications...
5/21/2019 / Bureau of Industry and Security (BIS), China, Entity List, Executive Orders, Export Administration Regulations (EAR), Foreign Adversaries, Foreign Policy, Huawei, International Emergency Economic Powers Act (IEEPA), Licensing Rules, National Security, Office of Foreign Assets Control (OFAC), Prohibited Transactions, Supply Chain, Technology Sector, Telecommunications, Trump Administration, U.S. Commerce Department
In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information. In addition to updated Department of Defense guidance and procedures for evaluating...
4/30/2019 / Controlled Unclassified Information (CUI), Cybersecurity, Data Privacy, Data Protection, Data Security, Department of Defense (DOD), Federal Acquisition Regulations (FAR), Federal Contractors, Government Agencies, Information Security, Internet of Things, NIST, Policies and Procedures, Popular, Proposed Legislation, Risk Assessment, Sensitive Business Information, Vendors