The Biden administration released its National Cybersecurity Strategy (“Strategy”) on March 2, 2023.1 The Strategy builds on previous policy actions by the Biden administration that sought to strengthen cybersecurity in critical infrastructure and protect personal data, including through regulatory action, government procurement requirements, and an emphasis on software security. The Strategy calls for (1)
OMB Announces Requirements for Ensuring the Integrity of Software Used by Federal Agencies
On September 14, 2022, the US Office of Management and Budget (OMB) published a memorandum, M-22-18, requiring federal agencies to comply with previously announced guidelines for ensuring the integrity of third-party software on an agency’s information systems or that otherwise affects government information. Applicable to firmware, operating systems, applications, and application services (e.g., cloud-based
US DOJ Describes Approach and Target Areas for the Civil Cyber-Fraud Initiative Directed at Federal Contractors and Grantees
In remarks on October 13, 2021, at the Cybersecurity and Infrastructure Security Agency (“CISA”) National Cybersecurity Summit, Acting Assistant Attorney General Brian Boynton fleshed out the Department of Justice’s (“DOJ”) thinking regarding the nature of the cybersecurity failures that are likely targets for potential False Claims Act (“FCA”)1 enforcement under the Civil Cyber-Fraud Initiative
Heightened Cyber False Claims Risk: New DOJ Approach to US Government Contractor and Federal Grantee Cybersecurity Enforcement
On October 6, 2021, the US Department of Justice (DOJ) announced a new initiative to address cyber-fraud and that focuses on government contractors. Specifically, DOJ has launched a “Civil Cyber-Fraud Initiative” (Initiative), which will combine DOJ’s “expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security
The U.S. National Defense Authorization Act for Fiscal Year 2021: Cybersecurity Provisions
The William (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (“NDAA”) enacts major changes to America’s cyber defenses, reshaping how the private sector can combat growing cyber threats, as well as realigning roles and responsibilities of federal government agencies. This Legal Update discusses select cyber provisions in the NDAA and highlights key takeaways
US Congress Passes Significant Legislation on the Security of the Internet of Things
The recent enactment of the “Internet of Things Cybersecurity Improvement Act of 2020” (the “Act”) promises new scrutiny of security in the Internet of Things (“IoT”)—the broad array of connected devices that are increasingly integrated into every aspect of modern life. This important legislation provides for the creation of IoT security guidelines for devices sold
DoD Releases Cybersecurity Maturity Model Certification 1.0—Once It’s Effective, Thousands of DoD Contractors, Suppliers Must Be Certified as Prerequisite to Contracting
On January 31, 2020, the US Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Cybersecurity Maturity Model Certification (CMMC) Version 1.0. DoD developed the CMMC to provide a unified cybersecurity standard for defense contractors and suppliers across all of the Defense Industrial Base (DIB), which,
DoD Updates Draft Cybersecurity Maturity Model Certification—300,000+ DoD Contractors and Subcontractors Required to Be Certified as a Prerequisite to Contracting
On November 7, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Draft Version 0.6 of its Cybersecurity Maturity Model Certification (CMMC) for public comment. According to DoD’s overview briefing, the CMMC was created to provide “a unified cybersecurity standard for DoD acquisitions to
Staying Ahead of the Curve: Cybersecurity and Data Privacy–Hot Topics for Global Businesses
Cyber threats continue to evolve, and data privacy considerations continue to grow more complex. Whether defending against global ransomware campaigns or adjusting to new legal regimes governing international data transfers, companies of all sizes today face unprecedented cybersecurity and data privacy challenges.
Our practical guide, Staying Ahead of the Curve: Cybersecurity and Data Privacy—Hot Topics
Cybersecurity Regulation in the United States: Governing Frameworks and Emerging Trends
Companies across industry sectors have developed risk-based cybersecurity programs to respond to the substantial and complex cyber threats they face. Managing regulatory risk has become an important element of these cybersecurity programs, as regulators use rules, enforcement actions, and guidance to establish an increasingly complex framework of regulatory expectations.
This 80-page book offers insights on