Numerous pieces of legislation and regulation have been issued in recent years to address the increased threats to the supply chain. We previously reported on the various aspects of the Section 889 ban on the Government and government contractors’ use and delivery of covered Chinese telecommunications and video surveillance equipment, components and services, and theRead More
Recently I participated in the National Defense Industrial Association (NDIA) Cyber Division’s Cyber Law and Policy Committee tabletop exercise on the identification and treatment of Controlled Unclassified Information (CUI) for purposes of compliance with DFARS 252.204-7012, Safeguarding covered defense information and cyber incident reporting, and the new Interim DFARS rules, 252.204-7019 and 252.204-7020, on BasicRead More
If you don’t know about SolarWinds, then you haven’t been reading the news for the past six months. Last October 2020, it was reported that a widely-used networking tool that helps companies in the public and private sectors manage their Information Technology (IT) portfolios – SolarWinds Orion product — had been compromised. Publicly, it hasRead More
Government Contracts & Investigations Co-Chair Susan Warshaw Ebner recently discussed the impact of the new Department of Defense (DOD) rule that will apply to government contractors in an article by Law360. The interim rule, which was published on September 29 and goes into effect on November 30, 2020, requires that contractors at all tiers be assessed and certified as compliant withRead More
The Cybersecurity Maturity Model Certification (CMMC) Advisory Board (CMMC AB) made a major announcement on September 16, 2020, announcing that it has trained an initial group of provisional assessors. As an earlier posting explains, the CMMC establishes cybersecurity controls for certification of government contractors from Level 1, the basic set of controls that all governmentRead More