Government Contracts, Investigations & International Trade Blog

The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released its new Proposed Rule pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRC...

https://www.governmentcontractslawblog.com/2024/04/articles/cybersecurity/cisa-cyber-incident-reporting-for-critical-infrastructure-will-significantly-impact-government-contractors-suppliers-and-service-providers/

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Office of Management and Budget (“OMB”) released the highly-anticipated Secure Software Developmen...

https://www.governmentcontractslawblog.com/2024/03/articles/cybersecurity/cisa-opens-repository-for-submission-of-software-security-attestation-forms/

On January 26, 2024, the Federal Risk and Authorization Management Program (“FedRAMP”) published a draft Emerging Technology Prioritization Framework developed in response to President Biden�...

https://www.governmentcontractslawblog.com/2024/02/articles/artificial-intelligence/emerging-ai-landscape-fedramp-publishes-draft-emerging-technology-prioritization-framework-in-response-to-executive-order-on-artificial-intelligence/

To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources t...

https://www.governmentcontractslawblog.com/2024/02/articles/cybersecurity/governmental-practice-cybersecurity-and-data-protection-2023-recap-2024-forecast-alert/

On December 12, 2023, the Department of Justice (“DOJ”) issued guidance related to the process by which companies may request the United States Attorney General authorize delays of cyber inci...

https://www.governmentcontractslawblog.com/2024/01/articles/cybersecurity/for-limited-use-only-guidance-on-national-security-delay-determinations-under-the-sec-cyber-reporting-rule/

On November 30, 2023, the Inspector General of the Department of Defense (“DoD IG”) released a Special Report: Common Cybersecurity Weaknesses Related to the Protection of DoD Controlled Uncl...

https://www.governmentcontractslawblog.com/2024/01/articles/cybersecurity/dod-ig-report-provides-insight-into-common-missteps-when-protecting-cui/

Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturi...

https://www.governmentcontractslawblog.com/2024/01/articles/defense-contracts/new-year-new-rules-the-cmmc-proposed-rule-is-here/

The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft)...

https://www.governmentcontractslawblog.com/2023/12/articles/cybersecurity/update-cisa-seeks-additional-input-from-software-providers-on-security-attestation-form/

On October 27, 2023, the Office of Management and Budget (“OMB”) released a draft memorandum for public comment regarding Modernizing the Federal Risk and Authorization Management Program (�...

https://www.governmentcontractslawblog.com/2023/10/articles/cloud-computing/time-for-an-upgrade-omb-releases-draft-memorandum-modernizing-fedramp/

On October 5, 2023, the FAR Council released an Interim Rule on “Implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders.” The Interim Rule implements requirements fro...

https://www.governmentcontractslawblog.com/2023/10/articles/supply-chain/interim-rule-effective-in-december-establishes-requirements-for-contractors-to-remove-identified-products-and-services-from-the-u-s-government-supply-chain/