Government Contractor Privacy

The Cybersecurity and Infrastructure Security Agency (CISA) is seeking input on various aspects of proposed incident reporting regulations under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (discussed here). CISA issued a Request for Information (RFI) and has scheduled a number of listening sessions across the country. Written comments may be submitted until November 14, 2022.

Continue Reading CISA Seeking Input on Cyber Incident Reporting for Critical Infrastructure

President Biden recently signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 as a part of a larger omnibus appropriations bill.  The new law sets out mandatory reporting requirements for critical infrastructure entities in the event of certain cyber incidents and ransomware payments.  Under the Act, once implementing regulations are issued (which are not expected this year) covered entities will be subject to two new reporting requirements:  
Continue Reading Cybersecurity Act Signed Into Law Creates New Reporting Obligations

As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with the federal government) should expect in 2022. This is part four of a four-part series (you can read Part 1 here, Part 2 here, and Part 3 here.
Continue Reading 2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 4 of 4: Cybersecurity Maturity Model Certification (“CMMC”) 2.0

As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with the federal government) should expect in 2022. This is part three of a four-part series (you can read Part 1 here and Part 2 here).

Continue Reading 2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 3 of 4: Cyber Incident & Ransomware Payment Reporting Legislation

As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with the federal government) should expect in 2022. This is part two of a four-part series (you can read Part 1 here).
Continue Reading 2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 2 of 4: Department of Justice (DOJ) Civil-Cyber Fraud Initiative

As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with the federal government) should expect in 2022. This is part one of a four-part series.
Continue Reading 2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 1 of 4: Biden’s Cybersecurity Executive Order (EO 14028)

The Department of Defense (DOD) recently announced several changes to its Cybersecurity Maturity Model Certification program. The program applies to those who serve as contractors and suppliers to the DOD. As described in our sister blog, the new version of the program – “CMMC 2.0” – has several important differences from the original program. CMMC 2.0 is anticipated to go into effect anywhere from nine to 24 months from now.

Continue Reading Updates Announced to Department of Defense Cybersecurity Certification Program