No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 243: HIPAA Compliance and Potential Changes with Shannon Lipham of Maynard Nexsen
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Driving Digital Security: The FTC's Safeguards Rule Explained — Moving the Metal: The Auto Finance Podcast
Privacy for Risk Management: Bridge the Business, Technology and Compliance Gaps
Innovation in Compliance: Real-Time Fraud Prevention Strategies for Financial Loss Prevention with Vince Walden
Innovation in Compliance: The Critical Importance of Mobile Application Security: Insights from Subho Halder
Compliance and AI: Using AI for Data Loss Prevention Systems with Vinay Goel
Safeguarding Your Business Data
Navigating the Maze: eDiscovery Essentials for Employers — Hiring to Firing Podcast
Top Healthcare Compliance Priorities for 2025
Business Better Podcast Episode: Bridging Campuses: Legal Insights on Education Industry Consolidation – Privacy and Data Security
Episode 366 -- DOJ Issues Data Security Program Requirements
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
Why Privacy Matters to Your Business and What's in Store for 2025
Getting Bang for Your Buck: Spend Your 2025 Privacy Budget Wisely
Constangy Clips Ep. 7- 4 New Year’s Resolutions to Keep Your Cyber Data Safe and Secure in 2025
The Privacy Insider Podcast Episode 10: 2025 Privacy Predictions: Hold My Beer, 2024
On June 6, 2025, President Trump issued a new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (EO), signaling the construction...more
Last week, the Trump administration made its priorities clear for the nation’s cybersecurity posture in the form of the newly issued executive order entitled “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity...more
On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more
Earlier this year, the FAR Council issued a proposed rule to implement the Controlled Unclassified Information (CUI) Program as it relates to federal contracts. The proposed rule is "just one element of a larger strategy to...more
On January 15, 2025, the Federal Acquisition Regulatory Council (FAR Council) proposed two significant rule changes that could reshape compliance obligations for government contractors: one establishing standardized...more
In his final days in office, President Biden signed an ambitious executive order to improve the federal government's approach to cybersecurity. Executive Order 14114 ("Executive Order"), issued January 16, 2025, titled...more
The wait is finally over! After more than 14 years of anticipation, the Federal Acquisition Regulation (“FAR”) Proposed Rule on Controlled Unclassified Information (“CUI”) was released on January 15, 2025 and comes as part of...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
On January 16, 2025, former President Biden issued the Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (the EO). The EO directs various parts of the federal government to adopt a...more
Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration has...more
On January 15, 2025, the Federal Acquisition Regulation (“FAR”) Council issued its long-awaited “CUI Rule.” CUI, or Controlled Unclassified Information, is information that the government creates or possesses, or that an...more
The National Institute of Standards and Technology (NIST) has released an initial public draft of NIST SP 800-171, Revision 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. Compliance...more
Almost two years ago, Executive Order 14028 – Improving the Nation’s Cybersecurity (EO) was issued requiring a host of actions be taken by the Federal Acquisition Regulation (FAR) Council, the National Institute of Standards...more
Yesterday we continued our series... with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software...more
In this second in our series, we look at the long awaited update to NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” which is expected to be released in late spring...more
Last month we reported on the Department of Defense’s (DoD’s) issuance of Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) standard. That draft included DoD updates and revisions to CMMC’s domains,...more
In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information. In addition to updated Department of Defense guidance and procedures for evaluating...more
Since last year, I have been writing about the increasing impact of cybersecurity on contract awards. DoD has issued guidance on how it will evaluate system security plans, and it has indicated that, along with cost,...more
The Department of Defense (DOD) and its component services and agencies are taking several independent steps to assess and enhance their cyber and supply chain security that will directly or indirectly affect DOD contractors...more
Under the Department of Defense (DoD) final Defense Federal Acquisition Regulation Supplement (DFARS) rule on Network Penetration Reporting and Contracting for Cloud Services, DoD contractors maintaining, processing, or...more
On May 16, 2016, the Federal Acquisition Regulations (“FAR”) Council published the final FAR rule on Basic Safeguarding of Contractor Information Systems. The rule is intended to prescribe “the most basic level” of...more
The Department of Defense (DoD) issued an interim cybersecurity rule in August 2015 that, among other things, revises the existing Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity clause and increases...more
Is Controlled Unclassified Information Out of Control? The OMB apparently thinks so. On August 11, 2015, the Obama administration, through the Office of Management and Budget (OMB), which is the largest office within the...more
In a move that highlights the changing winds of federal cybersecurity policy, the Department of Defense (“DoD”) has issued an interim Rule (“Rule”) that imposes new security and reporting requirements on federal contractors,...more
The Department of Defense (DoD) released interim rules implementing provisions of the 2013 and 2015 National Defense Authorization Acts. The rules, released on Aug. 26, 2015, are effective immediately and establish the...more