Information Technology

On March 2, 2023, the Biden Administration released its National Cybersecurity Strategy. The Strategy represents the latest push by the Administration to focus on cybersecurity concerns, following the release of Executive Order 14028, Improving the Nation’s Cybersecurity in May 2021. The Strategy lays out the cybersecurity goals and objectives for the federal government and outlines a fundamental change in how the federal government wishes to allocate roles, responsibilities, and resources for cybersecurity. It contemplates placing greater responsibility on industry, particularly owners and operators of systems that hold personal data and technology providers. 

Continue Reading Biden Administration Releases Highly Anticipated National Cybersecurity Strategy

The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October 17, 2022.

Continue Reading Third Time’s The Charm – FedRAMP Releases Draft Authorization Boundary Guidance Version 3 for Public Comment

On July 19, 2022, the National Institute of Standards and Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback on improving its Controlled Unclassified Information (CUI) series of publications. The comment period currently is open and scheduled to close on September 16, 2022

Continue Reading NIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI) Guidelines

As called for in the May 12, 2021 Cybersecurity Executive Order (“EO”) released by the Biden Administration (discussed here), NIST met its deadline to release a definition of “critical software” within 45 days of the date of the Order.  The determination of what constitutes “critical software” is a key step in the process set forth in the Order for securing the software supply chain, which will culminate sometime next year in new Federal Acquisition Regulations for contractors that supply software.

Continue Reading Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order

The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on April 29, 2021. The public comment period currently is open and concludes on June 14, 2021. NIST anticipates releasing a second draft in September 2021, with a final version anticipated to be released by April 2022.
Continue Reading Seeking HoNIST Opinions – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161) and Provides Further Software Supply Chain Guidance

On May 12, 2021, the Biden Administration issued its much anticipated “Executive Order on Improving the Nation’s Cybersecurity.” Below are provisions we believe will be of most interest to contractors, as well as any company that provides information technology (“IT”) and operational technology (“OT”) services, cloud computing, software, or internet of things (“IoT”) technology, as the new regulations and standards called for in the Order are likely to have an impact beyond government contractors.
Continue Reading Biden’s Cybersecurity Executive Order