On August 15, 2024, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the Cybersecurity Maturity Model Certification (CMMC) 2.0 program rule. The CMMC 2.0 program provides a framework for assessing contractor implementation of cybersecurity requirements and enhancing the protection
National Security
US DOD Issues Class Deviation Delaying DFARS Implementation of Upcoming NIST SP 800-171, Revision 3
On May 2, 2024, the Department of Defense (DoD) issued a class deviation to DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.
The deviation relates to contractors’ compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, which is currently undergoing a revision. The deviation changes the requirement that contractors…
FAR Changes Proposed to Standardize Important Cybersecurity Requirements and to Impose New Cyber Threat, Incident Reporting and Information Sharing Rules
Last week, the government announced two sets of proposed revisions to the Federal Acquisition Regulation (FAR) to improve the cybersecurity of the government’s information systems. Both sets of revisions relate to President Biden’s May 2021 Executive Order 14028 on Improving the Nation’s Cybersecurity.
First, the Department of Defense (DoD), the General Services Administration…
President Biden Signs Executive Order on U.S. Intelligence Activities to Implement EU-U.S. Data Privacy Framework
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, which is intended to implement U.S. commitments under the Trans-Atlantic Data Privacy Framework (DPF) announced in March 2022. With the new executive order, the Biden administration aims to strengthen the legal foundation for trans-Atlantic…
OMB Announces Requirements for Ensuring the Integrity of Software Used by Federal Agencies
On September 14, 2022, the US Office of Management and Budget (OMB) published a memorandum, M-22-18, requiring federal agencies to comply with previously announced guidelines for ensuring the integrity of third-party software on an agency’s information systems or that otherwise affects government information. Applicable to firmware, operating systems, applications, and application services (e.g., cloud-based…
CFIUS Risk Factors Expanded by Executive Order
On September 15, 2022, President Biden issued an executive order (the “Order”) to provide further detail and expand on the factors that the Committee on Foreign Investment in the United States (“CFIUS”) uses to evaluate whether a foreign investment poses a risk to US national security. The Order is the first executive order to…
Ukraine Crisis: Ten Key Questions on… Cybersecurity
In this episode of our Ukraine Crisis video series, Amy Jacks (Restructuring partner, London) asks Rajesh De (Global Head of Cybersecurity & Data Privacy, and member of the firm’s global Management Committee) ten key questions on cybersecurity.
Raj discusses how recent hostilities in Ukraine have contributed to the increase in the scope, scale and severity…
Russian Military Action in Ukraine: Measures to Mitigate Related Cyber Risk
After months of diplomatic engagement, the early morning of February 24, 2022 saw what President Biden called an “unprovoked and unjustified attack by Russian military forces” on Ukraine. Numerous news reports also have described significant cyber attacks against Ukrainian systems. According to those reports, these attacks follow multiple waves of cyber attacks in the past…
A Conversation with Gen. Paul Nakasone, Commander, US Cyber Command; Director, National Security Agency; Chief, Central Security Service
General Paul Nakasone has served in the US Army for 35 years, holding a number of key cyber and national security positions, culminating in his service as the Commander of United States Cyber Command, Director of the…
A Conversation with Chris Inglis, National Cyber Director, the White House
Chris Inglis, the first person to hold the title of National Cyber Director, was nominated by President Biden and confirmed by the Senate in June. He was formerly a Deputy Director of the National Security Agency (NSA). Chris will be in conversation with Raj De, former General Counsel of the NSA and current head of…