[The referenced article was originally published in Law360.] Since August 2015, defense contractors have been on notice that they were required to implement the security controls in National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171 no later than December 31, 2017 on covered contractor information systems. Although the focus has been on meeting … Continue Reading
Last week, the Office of Management and Budget issued an updated breach response policy for federal agencies, replacing a policy last updated in 2007. The policy, set forth in memorandum M-17-12, provides minimum standards for federal agencies in preparing for and responding to breaches of personally identifiable information (PII). In addition to setting forth requirements … Continue Reading
Today, our colleagues Susan Cassidy, Ashden Fein, and John Sorrenti posted an article on Inside Government Contracts about the Department of Defense (DoD) issuing a Final Rule implementing mandatory cyber incident reporting requirements for DoD contractors and subcontractors. The article can be read here.… Continue Reading