Cybersecurity Awareness Month is a good time to highlight one trend in federal efforts to address cyber risk: proscriptive regulation of the information and communications technology and services (“ICTS”) supply chain.

Supply chain risk management is a broad field encompassing, among other things, federal efforts to improve software security, and proposals to revise the FAR

In remarks on October 13, 2021, at the Cybersecurity and Infrastructure Security Agency (“CISA”) National Cybersecurity Summit, Acting Assistant Attorney General Brian Boynton fleshed out the Department of Justice’s (“DOJ”) thinking regarding the nature of the cybersecurity failures that are likely targets for potential False Claims Act (“FCA”)1 enforcement under the Civil Cyber-Fraud Initiative

On January 31, 2020, the US Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Cybersecurity Maturity Model Certification (CMMC) Version 1.0. DoD developed the CMMC to provide a unified cybersecurity standard for defense contractors and suppliers across all of the Defense Industrial Base (DIB), which,

On November 7, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Draft Version 0.6 of its Cybersecurity Maturity Model Certification (CMMC) for public comment. According to DoD’s overview briefing, the CMMC was created to provide “a unified cybersecurity standard for DoD acquisitions to