By: Robert Huffman, Susan Cassidy, Michael Wagner, Ryan Burnette, and Emma Merrill
This is the seventeenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and
This is the sixteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the cyber EO from June 2021 through July 2022. This blog describes key actions taken to implement the Cyber EO during August 2022.
Continue Reading August 2022 Developments Under President Biden’s Cybersecurity Executive Order
On September 14, 2022, the Director of the Office of Management and Budget (“OMB”) issued a memorandum to the heads of executive branch departments and agencies addressing the enhancement of security of the federal software supply chain. The memorandum applies to all software (other than agency-developed software) developed or experiencing major version changes to be operated “on the agency’s information systems or otherwise affecting the agency’s information,” and requires new self-attestations from software vendors before that software can be used by agencies.
The memorandum is one among many deliverables stemming from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts, with the first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through August 2022. Key requirements of the memorandum are discussed in more detail below.
This is the fifteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through June 2022. This blog describes key actions taken to implement the Cyber EO during July 2022.
Continue Reading July 2022 Developments under President Biden’s Cybersecurity Executive Order
On August 25, 2022, the Department of Defense (“DOD”) published — with immediate effect — two new Defense Federal Acquisition Regulation Supplement (“DFARS”) clauses requiring defense prime contractors and subcontractors disclose any work in China on certain DOD contracts. Under the interim rule, the DOD is prohibited from awarding or extending certain new contracts if a contractor fails to disclose its use of workers in China in performance of a covered DOD contract. Although there is no prohibition on DOD awarding a covered contract to an entity that makes a disclosure, the Department can rely on a variety of authorities to exclude certain contractors and products that represent supply chain risks, especially if the products or services involve information technology.
Continue Reading New DFARS Clauses Require Defense Contractors to Disclose Work Performed in China
This is the fourteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through May 2022. This blog describes key actions taken to implement the Cyber EO during June 2022.
Continue Reading June 2022 Developments Under President Biden’s Cybersecurity Executive Order
This is the thirteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs describe the actions taken by various Government agencies to implement the Cyber EO from June 2021 through April 2022. This blog reflects on the one year anniversary of the Cyber EO and discusses the status of various implementation activities. It also describes key actions taken to implement the Cyber EO during May 2022.
This is the twelfth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the second through eleventh blogs describe the actions taken by various Government agencies to implement the Cyber EO from June 2021 through March 2022, respectively. This blog summarizes key actions taken to implement the Cyber EO during April 2022. As with the steps taken during prior months, the actions described below reflect the implementation of the EO within the Government. However, these activities portend further actions, potentially in or before June 2022, that are likely to impact government contractors, particularly those who provide software products or services to the Government.
Continue Reading April 2022 Developments Under President Biden’s Cybersecurity Executive Order
This is the eleventh in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the second through tenth blogs described the actions taken by various Government agencies to implement the EO from June 2021 through February 2022, respectively. This blog summarizes key actions taken to implement the Cyber EO during March 2022. As with steps taken during prior months, the actions described below reflect the implementation of the EO within the Government. However, these activities portend further actions, potentially in or before June 2022, that are likely to impact government contractors, particularly those who provide software products or services to the Government.
Continue Reading March 2022 Developments Under President Biden’s Cybersecurity Executive Order
This is the tenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the second, third, fourth, fifth, sixth, seventh, eighth, and ninth blogs described the actions taken by various Government agencies to implement the EO from June 2021 through January 2022, respectively.
This blog summarizes key actions taken to implement the Cyber EO during February 2022. As with steps taken during prior months, the actions described below reflect the implementation of the EO within the Government. However, these activities portend further actions in March 2022 that are likely to impact government contractors, particularly those who provide software products or services to government agencies.
Continue Reading February 2022 Developments Under President Biden’s Cybersecurity Executive Order