Increasingly, the Federal government implements a rule for government contractors which then makes its way in some form into all of US industry. Cybersecurity regulations, mandating that government contractors, grant and agreement holders, and their subcontractors, maintain certain security controls and report on cyber incidents, have been in effect for a number of years. Indeed,
This week the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Agency (CISA) issued a “SHIELDS UP” advisory. While it does not identify specific threats in the advisory, CISA states that the “Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military
In the wake of increasing cybersecurity threats and incidents, the U.S. Department of Defense (DoD) amended its Federal Acquisition Regulation Supplement (DFARS) in 2015 to issue the 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting clause (DFARS clause). The DFARS clause, which is included in all DoD solicitations and contracts, including those for acquisitions
Published on June 9, 2021, President Biden’s Executive Order on Protecting America’s Sensitive Data from Foreign Adversaries is the latest Executive Order seeking to strengthen national security by improving public and private sector capabilities and practices relating to cybersecurity and supply chain risks. As explained in a previous article, the first such Executive Order addressed
Understanding the requirements for compliance with the interim DFARS rule on basic assessment and compliance with Cybersecurity Maturity Model Certification (CMMC) is not a task for the faint of heart. The rule requires that you accurately report the status of your compliance with the cybersecurity requirements in National Institute of Standards and Technology Special Publication