The William (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (“NDAA”) enacts major changes to America’s cyber defenses, reshaping how the private sector can combat growing cyber threats, as well as realigning roles and responsibilities of federal government agencies. This Legal Update discusses select cyber provisions in the NDAA and highlights key takeaways
Department of Defense (DOD)
DoD Releases Cybersecurity Maturity Model Certification 1.0—Once It’s Effective, Thousands of DoD Contractors, Suppliers Must Be Certified as Prerequisite to Contracting
On January 31, 2020, the US Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Cybersecurity Maturity Model Certification (CMMC) Version 1.0. DoD developed the CMMC to provide a unified cybersecurity standard for defense contractors and suppliers across all of the Defense Industrial Base (DIB), which,…
DoD Updates Draft Cybersecurity Maturity Model Certification—300,000+ DoD Contractors and Subcontractors Required to Be Certified as a Prerequisite to Contracting
On November 7, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Draft Version 0.6 of its Cybersecurity Maturity Model Certification (CMMC) for public comment. According to DoD’s overview briefing, the CMMC was created to provide “a unified cybersecurity standard for DoD acquisitions to…
National Cyber Strategy Outlines US Government Approach to Enhancing Cybersecurity
On September 20, 2018, the Trump administration released a comprehensive National Cyber Strategy. This document builds on initiatives outlined in Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure”(May 2017). (See our Legal Update.) The strategy’s stated objective is to “ensure the American people continue to reap the benefits of a…
Cybersecurity Information Sharing Act Signed Into US Law as Part of Omnibus Appropriations Legislation
On December 18, 2015, President Obama signed the Consolidated Appropriations Act, 2016 into law. This omnibus appropriations legislation will create significant new rules for the voluntary sharing of cybersecurity information within the private sector and with the government. Passage of the omnibus appropriations legislation thus brings to a close the multi-year debate over cybersecurity information…
US Senate Passes Cybersecurity Information Sharing Act
In a bylined article, Cybersecurity & Data Privacy partners Rajesh De and Howard Waltzman, associate Stephen Lilley, and Litigation & Dispute Resolution associate Matthew Waring (all Washington DC) discuss the passing of the Cybersecurity Information Sharing Act by the US Senate.
Recent Increases to DoD Contractors’ Cyber Security Reporting Obligations
In a bylined article, Government Contracts partner Marcia Madsen and Litigation & Dispute Resolution counsel Luke Levasseur (both Washington DC) examine DoD contractors’ cyber security compliance obligations.