Category: Cyber, Data Security, and Privacy
NIST Privacy Framework Version 1.0 Issued
On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework for Improving Critical Infrastructure Cybersecurity, which was first issued in February 2014 (NIST Cybersecurity Framework). Specifically, NIST identifies the Privacy FrameworkRead More
New Changes to the ITAR Focus on Unclassified Technical Data And the release of “Access Information”
As part of its years-long project to update and revise the International Traffic in Arms Regulations (ITAR) and better align them with the Export Control Regulations, the Department of State (DoS) recently amended the ITAR with an interim rule to address another group of amendments first proposed in June of 2015. The new rule definesRead More
Securing the Supply Chain – CMMC Draft Version 0.7 Issued
Last month we reported on the Department of Defense’s (DoD’s) issuance of Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) standard. That draft included DoD updates and revisions to CMMC’s domains, capabilities and practices for Levels 1 through 3. It deferred revisions to those parts of CMMC covering Levels 4 and 5. OnRead More
DoD Issues Revised Draft Cyber Security Model Certification to Address Levels 1 Through 3
Previously we reported on the Department of Defense (‘DoD”) efforts to develop a Cybersecurity Maturity Model Certification (“CMMC”) program to verify the status of contractor cybersecurity and compliance. The CMMC program contemplates that third party auditors will be qualified and retained to review and certify contractors and suppliers at all tiers on their levels ofRead More