Ashden Fein is an associate in Covington’s Data Privacy and Cybersecurity, Litigation, White Collar Defense and Investigations, and International Trade practice groups. He focuses on representing companies and individuals in government and internal investigations, including clients in the defense, cybersecurity, and national security industries; regulatory matters concerning national security law; and global privacy and data security.
Pursuant to Executive Order 13636, the National Institute of Standards and Technology (“NIST”) established the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, a technology-neutral, voluntary, risk-based cybersecurity framework that includes standards and processes intended to align policy, business, and technological approaches to addressing cybersecurity risks. Four years later, NIST has released an updated version … Continue Reading
Ahead of the upcoming December 31, 2017 deadline for federal defense contractors to implement National Institute of Standards and Technology (“NIST”) Special Publication 800-171 (“SP 800-171”), NIST has released a new draft publication designed to assist organizations in assessing compliance under SP 800-171, Draft Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information (“CUI”) … Continue Reading
The Department of Defense (“DoD”) held an “Industry Information Day” on June 23, 2017 to address questions regarding DFARS Case 2013-D018 “Network Penetration and Reporting for Cloud Services,” including DFARS clauses 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting” and 252.239-7010 “Cloud Computing Services.” DoD’s presentation lasted approximately four hours and covered a wide range of … Continue Reading
On October 4th, the Department of Defense (DoD) issued a Final Rule implementing mandatory cyber incident reporting requirements for DoD contractors and subcontractors who have “agreements” with DoD. The Final Rule also highlights DoD’s desire to encourage greater participation in the voluntary Defense Industrial Base (DIB) cybersecurity information sharing program. This Rule is effective on … Continue Reading