Helping individuals, companies, and organizations understand key legal and practical considerations for promoting compliance and making better business decisions in these types of federal, state, and local government contracting matters MORE

cybersecurity

Subscribe to cybersecurity via RSS

Earlier this month, the National Security Agency (NSA) discovered a serious security flaw in Microsoft Windows 10 cryptographic functionality, CVE-2020-0601.That security flaw could render trust certifications used to authenticate sources in communications and files vulnerable to spoofing or attack. As the NSA Cybersecurity Advisory notes, “[e]xploitation of the vulnerability allows attackers to defeat trusted

On January 16, 2020, the National Institute of Standards and Technology (NIST) issued its NIST Privacy Framework Version 1.0 (Privacy Framework). The Privacy Framework follows the same type of structure as the NIST Framework for Improving Critical Infrastructure Cybersecurity, which was first issued in February 2014 (NIST Cybersecurity Framework).

Specifically, NIST identifies the Privacy Framework

Last month we reported on the Department of Defense’s (DoD’s) issuance of Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) standard. That draft included DoD updates and revisions to CMMC’s domains, capabilities and practices for Levels 1 through 3. It deferred revisions to those parts of CMMC covering Levels 4 and 5. On

Previously we reported on the Department of Defense (‘DoD”) efforts to develop a Cybersecurity Maturity Model Certification (“CMMC”) program to verify the status of contractor cybersecurity and compliance. The CMMC program contemplates that third party auditors will be qualified and retained to review and certify contractors and suppliers at all tiers on their levels of