Photo of Krissy Chapman

Krissy Chapman

Kristen “Krissy” Chapman is an associate in the firm’s Washington, DC office. She represents and advises clients on a range of cybersecurity, data privacy, and government contracts issues, including cyber and data security incident response and preparedness, cross-border privacy law, government and internal investigations, and regulatory compliance.

Prior to joining the firm, Krissy served as a consultant in both the private and public sectors, advising clients across a range of industries, including transportation and infrastructure, life sciences and healthcare, and national security.

Contact:Read more about Krissy ChapmanEmail

On December 11, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) released its Cybersecurity Performance Goals 2.0 (“CPG 2.0”), an update to its core set of recommended cybersecurity practices for critical infrastructure owners and operators, which we previously wrote about here.  Established by the 2021 National Security Memorandum

Continue Reading CISA Releases Cybersecurity Performance Goals 2.0 for Critical Infrastructure

This is the seventh blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The sixth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in August, September

Continue Reading August, September, and October 2025 Cybersecurity Developments Under the Trump Administration

Now that the final Cybersecurity Maturity Model Certification (CMMC) Program and Procurement Rules have been issued by the Department of War (DoW) (see our CMMC Toolkit for in-depth analysis of these Rules) and the CMMC Program is set to begin in earnest, there is some uncertainty in industry as to

Continue Reading How Will DoW Determine Which Level of CMMC Applies to My Agreement?

This blog post discusses the Department of Defense’s (“DoD”) new cybersecurity rule that imposes certain cybersecurity requirements on relevant DoD contractors and subcontractors. The post will be of interest to all DoD contractors, subcontractors, and possibly affiliates of contractors that may be impacted by the new rule’s cybersecurity requirements.

On

Continue Reading Cybersecurity Maturity Model Certification (CMMC) Program Procurement Final Rule Announced

This is the sixth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The fifth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in July 2025. 

Continue Reading July 2025 Cybersecurity Developments Under the Trump Administration

In a recently announced settlement agreement with the U.S. Department of Justice (“DOJ”), Illumina, Inc. (“Illumina”) agreed to pay $9.8 million to resolve claims arising from alleged cybersecurity vulnerabilities in genomic sequencing systems that the company sold to federal agencies.  The case is the latest in a series of False

Continue Reading Latest Cybersecurity False Claims Act Settlement with Diagnostics Provider Focuses on Sensitive Health Systems

This is the fifth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration.  The fourth blog is available here and our initial blog is available here.  This blog describes key cybersecurity developments that took place in June 2025. 

Continue Reading June 2025 Cybersecurity Developments Under the Trump Administration

This is the fourth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in May 2025. 

CISA Releases AI Data Security Guidance

On May 22, the Cybersecurity and Infrastructure

Continue Reading May 2025 Cybersecurity Developments Under the Trump Administration

On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144”) (the “Order”) that modifies certain initiatives in prior Executive Orders issued by Presidents Obama and Biden and highlights key cybersecurity priorities for

Continue Reading White House Issues New Cybersecurity Executive Order

This is the third blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration.  This blog describes key cybersecurity developments that took place in April 2025. 

NIST Publishes Initial Draft of Guidance for High Performance Computing Systems

U.S. National

Continue Reading April 2025 Cybersecurity Developments Under the Trump Administration