AI Today in 5: August 7, 2025. The US v. China Episode
Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
On July 30, 2025, the U.S. Department of Justice (DOJ) announced that biotechnology company Illumina Inc. agreed to pay $9.8 million plus interest to resolve allegations of misrepresenting compliance with federal...more
Amid ongoing policy shifts in Washington, the federal government’s interest in pursuing civil cyber-fraud cases appears to be here to stay. In October 2021, the Department of Justice (DOJ) initiated its Civil Cyber-Fraud...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
The U.S. District Court for the Southern District of New York on July 18, 2024, dismissed most of the SEC's landmark cyber enforcement litigation against SolarWinds Corp. (SolarWinds or the Company) and the Company's Chief...more
The regulation of artificial intelligence (AI) has drawn significant interest from policymakers in the US, particularly at the state level. There has been a recent slew of legislative activity with respect to comprehensive AI...more
Within the past year, a number of countries around the world, including the United States, United Kingdom, France, and The Netherlands have initiated regulatory inquiries and developed new strategies for the purpose of more...more
The White House released the long-anticipated National Cybersecurity Strategy on March 2, 2023 setting out five (5) pillars articulating key themes and Administration priorities. Coming more than two years into the Biden...more
Designed for busy in-house counsel and compliance professionals, this newsletter seeks to bring you up to speed on key federal and state False Claims Act (FCA) developments, with links to primary resources. Each quarter, we...more
Artificial intelligence (AI) is expanding into more industries (often in surprising ways) and has inevitably caught the attention of federal and state regulators. Our Privacy, Cyber & Data Strategy Team summarizes the...more
On July 6, 2022, the heads of the U.S. Federal Bureau of Investigation (FBI) and the British MI5 law enforcement agencies issued an unprecedented joint statement warning about espionage and other economic threats from China....more
A seven-year long False Claims Act suit comes to an end after Aerojet Rocketdyne reaches a $9 million settlement agreement for its alleged false certification of compliance with cybersecurity requirements. In the settlement...more
WHAT: On November 4, 2021, the U.S. Department of Defense (DOD) announced the completion of a months-long internal review and significant changes to the strategic direction of its Cybersecurity Maturity Model Certification...more
Do you want a simple way to keep current on important privacy changes? Avoid sleepless nights wondering whether you missed a privacy speed bump or pothole between annual updates? Worry no longer. Troutman Pepper is pleased to...more
New Department of Defense (DoD) regulations related to government contractor Cybersecurity requirements become effective November 30, 2020. The progressive steps to mandatory contractor Cybersecurity Maturity Model...more
As of November 30, 2020, certain U.S. Department of Defense (“DoD”) prime contractors and subcontractors will need to complete a cybersecurity self-assessment prior to receiving new DoD contracts and prior to the exercise of...more
The Internet of Things (IoT) products have become a way of life. There are huge benefits of “smart” products, which interact through the internet to gather and exchange data to provide additional functions, security, and easy...more
The Situation: The United States government has been ramping up its efforts to protect sensitive data and is making clear it expects its contractors to protect data they receive and create. According to a recent Inspector...more
In recent years, the Committee on Foreign Investment in the United States (CFIUS) has taken a much stronger interest in the national security ramifications of sensitive data falling into the hands of foreign adversaries,...more
Two recent cases now prove that to avoid liability under the False Claims Act (FCA), government contractors must build and monitor information systems to protect government information and must also implement policies and...more
The window for Department of Defense (DoD) contractors to bring themselves into compliance with cybersecurity requirements is closing. Specifically, changes to the Defense Federal Acquisition Regulation Supplement (DFARS)...more
In this edition of our Privacy & Cybersecurity Update, we examine the Sixth Circuit's decision to allow injury-in-fact to be established by alleging a "substantial risk of harm" in a data breach case, New York state's...more
A company's board of directors has a duty to oversee all aspects of the company's risk management efforts. This includes a duty to recognize and minimize the company's exposure to cyber attacks. In today's increasingly...more
The U.S. Department of Defense (DoD) released interim rules on Aug. 26, 2015, setting forth (i) information system security requirements; (ii) mandatory cyber breach reporting; and (iii) cloud computing standards and...more
The Department of Defense (DoD) released interim rules implementing provisions of the 2013 and 2015 National Defense Authorization Acts. The rules, released on Aug. 26, 2015, are effective immediately and establish the...more