The Defense Department (DoD) recently released Department of Defense Instruction (DoDI) 5200.48, “Controlled Unclassified Information (CUI),” which provides the DoD’s long-anticipated guidance on how to mark and handle CUI in accordance with the Federal Government’s broader CUI Program and DFARS 252.204-7012. In doing so, it cancels legacy CUI guidance under DoD Manual 5200.01, Volume
Please Join Us for a Government Contracts Classroom Webinar: Navigating an Evolving Supply Chain Landscape in the Face of the Coronavirus Pandemic
The Coronavirus Pandemic continues to cause disruptions and highlight vulnerabilities in supply chains across nearly all industrial sectors. As businesses attempt to respond to challenges in obtaining parts and supplies, meeting contract supply and staffing requirements, and adhering to CDC recommendations, companies should be aware of how to minimize disruptions, preserve their rights, and avoid
Just in Time for Spring: Revision 2 to NIST SP 800-171 Comes into Full Bloom
The National Institute of Standards and Technology (NIST) recently released its final version of Revision 2 to the cybersecurity standard NIST Special Publication (SP) 800-171. While the security controls remain unchanged, Revision 2 now incorporates implementation guidance into each control. Importantly though, such guidance remains non-binding and is not intended to extend the scope of
Draft NIST Guidance Highlights Supply Chain Fundamentals as Key Practices in Cyber Supply Chain Risk Management
Last week, the National Institute of Standards and Technology (NIST) published the draft NISTIR 8276 “Key Practices in Cyber Supply Chain Risk Management” providing Key Practices and related recommendations for monitoring, controlling, and understanding how to conduct cyber – supply chain risk management (C-SCRM). The Eight Key Practices are general and apply equally, in practice,
No More “Wait & See” for CMMC: DoD Releases Final Cybersecurity Maturity Model Certification
The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions, such as:
- Process and Practice Descriptions in Appendix B, which include discussions and clarifications
Legal Careers in Cybersecurity, Privacy & Information Law Event
On October 24, 2019, Crowell & Moring in conjunction with the American Bar Association will be hosting the sixth annual Legal Careers in Cybersecurity, Privacy & Information Law networking and discussion event. This event offers law students and new lawyers the opportunity to learn how to meld law, policy, and technology, and better navigate the
DoD Increases DCMA Cybersecurity Responsibilities: DCMA to Implement and Assess Company-Wide Cyber Compliance
Adding to the Defense Contract Management Agency’s (DCMA) new cybersecurity responsibilities, the Department of Defense (DoD) Under Secretary of Defense for Acquisition and Sustainment (USDAS) recently issued a memorandum titled Strategically Implementing Cybersecurity Contract Clauses that increases DCMA’s role. The memorandum tasks DCMA with implementing a process to perform company-wide assessments of contractors’ compliance
OOPS 2018 Preview: Contractors and Cybersecurity
With even DoD officials acknowledging cyber threats ranging from exfiltrating our top military secrets (“the terabyte of death” per DISA’s Director) to seizing control of SECDEF’s car to sinking Navy vessels with critical infrastructure attacks, both federal agencies and government contractors are in the pressure cooker. For contractors, bad cybersecurity not only opens the door
How Quickly Should Contractors Report Data Breaches? GAO Denies Protest Finding 12 Hours Is Not Fast Enough
In Matter of: First Fin. Assocs., Inc., B-415713, Feb. 16, 2018, the Government Accountability Office (GAO) denied a protest filed by First Financial Associates, Inc. (FFA) against an award by the Department of Homeland Security, U.S. Secret Service (DHS/USSS) to FEEA Childcare Services, Inc. (FEEA) for the administration of a childcare subsidy program. FFA alleged that their proposal was not evaluated consistently with the RFP’s evaluation criteria regarding the protection of personally identifiable information (PII) incident reporting requirements.
Continue Reading
New Draft NIST Guidance on Systems Security Engineering
The National Institute of Standards and Technology (NIST) recently published a draft special publication titled Systems Security Engineering: Resiliency Considerations for the Engineering of Trustworthy Secure Systems (Volume 2), which provides guidance to professionals responsible for the activities and tasks related to the system life cycle processes in NIST’s flagship publication, NIST Special Publication 800-160