On August 15, 2024, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the Cybersecurity Maturity Model Certification (CMMC) 2.0 program rule. The CMMC 2.0 program provides a framework for assessing contractor implementation of cybersecurity requirements and enhancing the protection

On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

The deviation relates to contractors’ compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, which is currently undergoing a revision. The deviation changes the requirement that contractors

Last week, the government announced two sets of proposed revisions to the Federal Acquisition Regulation (FAR) to improve the cybersecurity of the government’s information systems. Both sets of revisions relate to President Biden’s May 2021 Executive Order 14028 on Improving the Nation’s Cybersecurity.

First, the Department of Defense (DoD), the General Services Administration

On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities,1 which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic

On September 14, 2022, the US Office of Management and Budget (OMB) published a memorandum, M-22-18, requiring federal agencies to comply with previously announced guidelines for ensuring the integrity of third-party software on an agency’s information systems or that otherwise affects government information. Applicable to firmware, operating systems, applications, and application services (e.g., cloud-based

On September 15, 2022, President Biden issued an executive order (the “Order”) to provide further detail and expand on the factors that the Committee on Foreign Investment in the United States (“CFIUS”) uses to evaluate whether a foreign investment provides a risk to US national security. The Order1 is the first executive order to

In this episode of our Ukraine Crisis video series, Amy Jacks (Restructuring partner, London) asks Rajesh De (Global Head of Cybersecurity & Data Privacy, and member of the firm’s global Management Committee) ten key questions on cybersecurity.

Raj discusses how recent hostilities in Ukraine have contributed to the increase in the scope, scale and severity

After months of diplomatic engagement, the early morning of February 24, 2022 saw what President Biden called an “unprovoked and unjustified attack by Russian military forces” on Ukraine. Numerous news reports also have described significant cyber attacks against Ukrainian systems. According to those reports, these attacks follow multiple waves of cyber attacks in the past

A Conversation with Gen. Paul Nakasone, Commander, US Cyber Command; Director, National Security Agency; Chief, Central Security Service General Paul Nakasone has served in the US Army for 35 years, holding a number of key cyber and national security positions, culminating in his service as the Commander of United States Cyber Command, Director of the