Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...more
After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more
On January 15, 2025, the Federal Acquisition Regulation (“FAR”) Council issued its long-awaited “CUI Rule.” CUI, or Controlled Unclassified Information, is information that the government creates or possesses, or that an...more
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
WHAT: The U.S. Department of Defense (DOD) just published the second of two proposed rules setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The earlier...more
Is this a Start of Something New for Third-Party Management? The demand for responsible cybersecurity in business is ubiquitous. The need to protect information is not limited to the financial services, insurance and...more
U.S. Department of Defense (DoD) contractors face new cybersecurity compliance requirements, including a significant deadline set for December 31, 2017. Most DoD contracts now include clauses imposing obligations on...more
This month marks an important waypoint for defense contractors subject to the new cybersecurity requirements imposed by the Department of Defense. For contractors subject to the requirements of Defense Federal Acquisition...more
Last week, the Department of Defense adopted as final, with several changes, its interim rule amending the DFARS on “Network Penetration Reporting and Contracting for Cloud Services.” The changes went into effect...more
The Department of Defense (DoD) issued an interim cybersecurity rule in August 2015 that, among other things, revises the existing Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity clause and increases...more
Is Controlled Unclassified Information Out of Control? The OMB apparently thinks so. On August 11, 2015, the Obama administration, through the Office of Management and Budget (OMB), which is the largest office within the...more
The Department of Defense (DoD) released interim rules implementing provisions of the 2013 and 2015 National Defense Authorization Acts. The rules, released on Aug. 26, 2015, are effective immediately and establish the...more
On August 26, 2015, the Department of Defense (DoD) published a long-awaited Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to require “rapid” reporting of “cyber incidents” that result in...more
On August 11, 2015, the Office of Management and Budget (“OMB”) released a draft policy memo entitled “Improving Cybersecurity Protections in Federal Acquisitions.” The purpose of the memo is to provide federal agencies with...more