AI Today in 5: August 7, 2025. The US v. China Episode
Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
The United States Department of Justice (DOJ) recently settled a qui tam suit with defense contractor Raytheon and its successor company, Nightwing Intelligence Solutions, LLC (Nightwing), totaling $8.4 million. The...more
On May 1, 2025, the U.S. Department of Justice (DOJ) announced a settlement under the False Claims Act (FCA) involving defense contractors Raytheon Company (Raytheon), RTX Corporation (RTX), and Nightwing Group—the successor...more
Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration has...more
These days, cyber regulators are in a hurry. Commentators have observed, the “federal government is quietly directing a seismic shift in the economy” with new mandates. Ann Neuberger, Deputy National Security Advisor for...more
Over the holidays, the U.S. Department of Defense (DoD) issued proposed rules for updating its Cybersecurity Maturity Model Certification (CMMC) program from its existing Defense Acquisition Regulatory Supplement (DFARS)...more
The US Department of Defense (DoD) has issued a proposed rule to implement its long-awaited Cybersecurity Maturity Model Certification program (CMMC 2.0). This proposed rule — released on December 26, 2023, and published in...more
The proposed rule requires contractors to make annual affirmations regarding their cybersecurity maturity, thus increasing their risk of False Claims Act Liability. The proposed rule allows for limited use of Plans of...more
Small Business Administration (SBA) Press Release: SBA Announces Biden-Harris Administration’s Progress in Small Business Lending with End-of-Year Capital Program Numbers - On November 21, Small Business Administrator...more
The Cybersecurity and Infrastructure Security Agency (CISA) has released a revised draft of its Secure Software Development Attestation Common Form ("Form"). The Form, once finalized, will obligate vendors providing software...more
In what can best be described as a tsunami of cybersecurity regulation, the Federal Acquisition Regulation (FAR) Council—consisting of the Department of Defense (DoD), General Services Administration (GSA), and National...more
Each month, Venable's Government Contracts Group publishes a summary of recent legal developments of interest to the government contractor community. President Signs Fiscal Responsibility Act Suspending Debt Ceiling: The...more
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0),1 for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...more
The Situation: The United States government has been ramping up its efforts to protect sensitive data and is making clear it expects its contractors to protect data they receive and create. According to a recent Inspector...more
Two recent cases now prove that to avoid liability under the False Claims Act (FCA), government contractors must build and monitor information systems to protect government information and must also implement policies and...more
Government contractors are subject to cybersecurity requirements, found in the Federal Acquisition Regulation (FAR) and each agency’s supplement to the FAR, and some important deadlines are fast approaching. Set forth below...more