This is the second blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in March 2025.
Trump Administration Executive Order on Achieving Efficiency
On March 19, 2025, the Trump
Continue Reading March 2025 Cybersecurity Developments Under the Trump AdministrationThis is the first in a new series of Covington blogs on cybersecurity policies, executive orders, and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in January and February 2025. Below, we outline three developments affecting cybersecurity in January and February 2025, including one from the Biden Administration, which has not been rescinded.
Biden Administration Issues Second Cybersecurity Executive Order
On January 16, in one of the final acts of the Biden Administration, the White House issued Executive Order (”EO”) 14144 on “Strengthening and Promoting Innovation in the Nation’s Cybersecurity.” EO 14144 expands on the National Cybersecurity Strategy and EO 14028, Improving the Nation’s Cybersecurity, which we first previously wrote about here. This new EO requires a range of additional security enhancements to U.S. government and supporting digital infrastructure, including improving accountability for software and cloud service providers, strengthening the security of Federal communications and identity management systems, and promoting innovative developments and use of emerging technologies for cybersecurity across agencies and with the private sector. Continue Reading January and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations
On January 15, 2025, the Federal Acquisition Regulation (“FAR”) Council proposed a new FAR Controlled Unclassified Information (“CUI”) rule (“proposed rule”) to establish uniform requirements for handling CUI with broad applicability to solicitations and contracts across the federal government.
The proposed rule, in development for roughly a decade, represents a
Continue Reading FAR Council Proposes New FAR CUI RuleThis is the first blog in a series covering the Fiscal Year 2025 National Defense Authorization Act (“FY 2025 NDAA”). This first blog will cover: (1) NDAA sections affecting acquisition policy and contract administration that may be of greatest interest to government contractors; (2) initiatives that underscore Congress’s commitment to strengthening cybersecurity, both domestically and internationally; and (3) NDAA provisions that aim to accelerate the Department of Defense’s adoption of AI and Autonomous Systems and counter efforts by U.S. adversaries to subvert them.
Continue Reading President Biden signs the National Defense Authorization Act for Fiscal Year 2025
This is part of a series of Covington blogs on the implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken
Continue Reading November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity StrategyThis is part of a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by
Continue Reading October 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity StrategyOn October 15, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published software bill of materials (“SBOM”) guidance through the third edition of Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) (dated September 3, 2024) (the “Guidance”). The Guidance provides “a minimum expectation for creating
Continue Reading CISA Releases Guidance on Minimum Expectations for Software Bill of MaterialsOn Tuesday, October 22, 2024, Pennsylvania State University (“Penn State”) reached a settlement with the Department of Justice (“DoJ”), agreeing to pay the US Government (“USG”) $1.25M for alleged cybersecurity compliance violations under the False Claims Act (“FCA”). This settlement follows a qui tam action filed by a whistleblower and former employee of Penn State’s Applied Research Laboratory. The settlement agreement provides some additional insight into the priorities of DoJ’s Civil Cyber Fraud Initiative (“CFI”) and the types of cybersecurity issues of interest to the Department. It also highlights the extent to which DoJ is focusing on the full range of cybersecurity compliance obligations that exist in a company’s contract in enforcement actions.Continue Reading Penn State Agrees to Pay $1.25M in Settlement for Cybersecurity Non-Compliance False Claims Act Allegations