Photo of Evan D. Wolff

The National Institute of Standards and Technology (NIST) recently released the final public draft of NIST Special Publication (SP) 800-172, formerly known as Draft NIST SP 800-171B. Building on the security requirements in NIST SP 800-171, the applicable standard under DFARS 252.204-7012, 800-172 provides 34 enhanced requirements to protect Controlled Unclassified Information (CUI)

The National Institute of Standards and Technology (NIST) recently released the final public draft of NIST Special Publication (SP) 800-172, formerly known as Draft NIST SP 800-171B. Building on the security requirements in NIST SP 800-171, the applicable standard under DFARS 252.204-7012, 800-172 provides 34 enhanced requirements to protect Controlled Unclassified Information (CUI)

As businesses continue to grapple with and progress through the challenges presented by the COVID-19 crisis, it is not too early to focus beyond the horizon on what the privacy and cybersecurity landscape might look like when the crisis finally passes. Crowell & Moring’s Privacy and Cybersecurity Group seeks to identify likely issues and new

As the COVID-19 pandemic continues and there is mounting pressure to ease business and social restrictions, governments, non-profits, and private corporations are all increasingly focused on solutions that would not only track and trace the movements of individuals to determine exposure to the virus and compliance with stay-at-home orders, but also potentially signal the person’s

The Defense Department (DoD) recently released Department of Defense Instruction (DoDI) 5200.48, “Controlled Unclassified Information (CUI),” which provides the DoD’s long-anticipated guidance on how to mark and handle CUI in accordance with the Federal Government’s broader CUI Program and DFARS 252.204-7012.  In doing so, it cancels legacy CUI guidance under DoD Manual 5200.01, Volume

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released guidance to help state and local jurisdictions and the private sector identify and manage their essential workforce while responding to coronavirus (COVID-19). The White House Coronavirus Guidelines direct that Critical Infrastructure Industry, as defined by the Department of Homeland Security, has a special responsibility to maintain

The Coronavirus Pandemic continues to cause disruptions and highlight vulnerabilities in supply chains across nearly all industrial sectors.  As businesses attempt to respond to challenges in obtaining parts and supplies, meeting contract supply and staffing requirements, and adhering to CDC recommendations, companies should be aware of how to minimize disruptions, preserve their rights, and avoid

The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control.  Importantly though, such guidance remains non-binding and is not intended to extend the scope of

The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:

  • Process and Practice Descriptions in Appendix B, which include discussions and clarifications

On August 9, 2019, the National Institute of Standards and Technology (NIST) released “U.S. Leadership in AI: A Plan for Federal Engagement in Developing Technical Standards and Related Tools” (the Plan) in response to Executive Order 13859 (EO), as reported on here. In accordance with the EO, the Plan outlines the following