Photo of Kate M. Growley, CIPP/G, CIPP/US

The Defense Department (DoD) recently released Department of Defense Instruction (DoDI) 5200.48, “Controlled Unclassified Information (CUI),” which provides the DoD’s long-anticipated guidance on how to mark and handle CUI in accordance with the Federal Government’s broader CUI Program and DFARS 252.204-7012.  In doing so, it cancels legacy CUI guidance under DoD Manual 5200.01, Volume

The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control.  Importantly though, such guidance remains non-binding and is not intended to extend the scope of

On February 24, 2020, following Secretary of Defense Mark Esper’s call on the private sector to work with the Department of Defense (DoD) to develop principles for using Artificial Intelligence (AI) in a “lawful and ethical manner,” (as we previously reported on here), the DoD announced its adoption of ethical principles for AI. The

Last week, the National Institute of Standards and Technology (NIST) published the draft NISTIR 8276 “Key Practices in Cyber Supply Chain Risk Management” providing Key Practices and related recommendations for monitoring, controlling, and understanding how to conduct cyber – supply chain risk management (C-SCRM). The Eight Key Practices are general and apply equally, in practice,

The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:

  • Process and Practice Descriptions in Appendix B, which include discussions and clarifications

On December 10, 2019, Under Secretary of Defense for Acquisition and Sustainment, Ellen Lord, briefed the press on the Department of Defense’s (DoD) significant acquisition reform achievements in 2019 and outlined many of the DoD’s top priorities for the coming year. Among a litany of other topics, the Secretary discussed efforts to streamline the

On October 24, 2019, Crowell & Moring in conjunction with the American Bar Association will be hosting the sixth annual Legal Careers in Cybersecurity, Privacy & Information Law networking and discussion event. This event offers law students and new lawyers the opportunity to learn how to meld law, policy, and technology, and better navigate the

On August 9, 2019, the National Institute of Standards and Technology (NIST) released “U.S. Leadership in AI: A Plan for Federal Engagement in Developing Technical Standards and Related Tools” (the Plan) in response to Executive Order 13859 (EO), as reported on here. In accordance with the EO, the Plan outlines the following

Following the announcement of the White House’s Executive Order on Maintaining American Leadership in Artificial Intelligence (EO) and the Department of Defense’s (DOD) Artificial Intelligence Strategy (AI Strategy) in February, as reported on here, the United States recently endorsed the Organization for Economic Co-operation and Development Council’s (OECD) Recommendation on Artificial Intelligence (Recommendation) –

Crowell & Moring has issued its fifth annual report on regulatory trends for in-house counsel. “Regulatory Forecast 2019: What Corporate Counsel Need to Know for the Coming Year” explores a diverse range of regulatory developments coming out of Washington and other leading regulatory centers of power, and it takes a deep dive into