Photo of Adelicia R. CliffePhoto of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Michael G. Gruden, CIPP/GPhoto of Christopher Hebdon

The Department of Defense (DoD) recently implemented additional procedures for the mitigation of cybersecurity risks in its supply chain. Designed to identify and mitigate cybersecurity and related supply chain risks throughout a program’s lifecycle, DoD Instruction 5000.90, Cybersecurity Acquisition Decision Authorities and Program Managers, requires program managers to:

  • Assess contractors’ cybersecurity posture, including, where

Photo of Trina Fairley BarlowPhoto of Peter J. EyrePhoto of Kris D. MeadePhoto of Rebecca SpringerPhoto of Monica DiFonzo Sterling

On January 6, 2021, the DoD issued a class deviation, effective immediately, to implement the nationwide court order enjoining Sections 4 and 5 of Executive Order (EO) 13950, Combating Race and Sex Stereotyping, as well as guidance provided by the Office of Federal Contract Compliance Programs (OFCCP). EO 13950 prohibits federal agencies, contractors, and

Photo of Alan W. H. GourleyPhoto of Adelicia R. CliffePhoto of Jonathan M. BakerPhoto of Stephanie Crawford

Yesterday, the Office of the Under Secretary of Defense for Intelligence & Security, Department of Defense (DoD) published a final rule codifying the National Industrial Security Program Operation Manual (NISPOM) (DoDM 5220.22) into 32 C.F.R. Part 117. For the most part, this action simply inserts the long-applicable NISPOM requirements into the CFR, but DoD has

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Michael G. Gruden, CIPP/G

This week, the DoD announced the first group of pilot programs under the Cybersecurity Maturity Model Certification. Although still under review, these programs will likely be among a small group to issue solicitations in FY2021 that will require a CMMC certificate to be eligible for award. The DoD expects to identify eight other programs

Photo of Adelicia R. CliffePhoto of Alan W. H. GourleyPhoto of M.Yuan ZhouPhoto of Stephanie Crawford

Section 889(a)(1)(B) of the FY 2019 NDAA, scheduled to become effective on August 13, 2020, bars the Government from entering into a contract, or extending or renewing a contract, with any entity that uses certain covered telecommunications equipment or services. The prohibition against “use” of covered equipment applies broadly to a contractor’s “use” anywhere within

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Michelle ColemanPhoto of Laura J. Mitchell Baker

Consistent with  the U.S. Department of Defense’s (DoD) Artificial Intelligence (AI) Strategy, as we previously reported on here, on April 13, 2020, DOD published a Request for Information (RFI) requesting assistance from academia and industry with the development and planning of a potential new requirement for DOD’s Joint Artificial Intelligence Center’s (JAIC) Testing &

Photo of Adelicia R. CliffePhoto of Mark RiesPhoto of Stephanie Crawford

On March 30, 2020, the Defense Counterintelligence and Security Agency (DCSA) published COVID-19 NISP Guidance to describe for cleared industry how DCSA will conduct its oversight mission during the pandemic. That guidance includes, among other things:

  • DCSA has suspended all enhanced security vulnerability assessments (ESVA) and other on-site activities. DCSA Industrial Security Representatives (ISR) will

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Maida Oringher LernerPhoto of Michael G. Gruden, CIPP/G

The Defense Department (DoD) recently released Department of Defense Instruction (DoDI) 5200.48, “Controlled Unclassified Information (CUI),” which provides the DoD’s long-anticipated guidance on how to mark and handle CUI in accordance with the Federal Government’s broader CUI Program and DFARS 252.204-7012.  In doing so, it cancels legacy CUI guidance under DoD Manual 5200.01, Volume

Photo of Adelicia R. CliffePhoto of Kate M. Growley, CIPP/G, CIPP/USPhoto of Michelle ColemanPhoto of Laura J. Mitchell Baker

On February 24, 2020, following Secretary of Defense Mark Esper’s call on the private sector to work with the Department of Defense (DoD) to develop principles for using Artificial Intelligence (AI) in a “lawful and ethical manner,” (as we previously reported on here), the DoD announced its adoption of ethical principles for AI. The