On June 6, 2025, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144”) (the “Order”) that modifies certain initiatives in prior Executive Orders issued by Presidents Obama and Biden and highlights key cybersecurity priorities for
Continue Reading White House Issues New Cybersecurity Executive OrderCISA Releases AI Data Security Guidance
On May 22, 2025, the Cybersecurity and Infrastructure Security Agency (“CISA”), which sits within the Department of Homeland Security (“DHS”) released guidance for AI system operators regarding managing data security risks. The associated press release explains that the guidance provides “best practices for system operators to mitigate cyber risks through
Continue Reading CISA Releases AI Data Security GuidanceApril 2025 Cybersecurity Developments Under the Trump Administration
This is the third blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in April 2025.
NIST Publishes Initial Draft of Guidance for High Performance Computing Systems
U.S. National
Continue Reading April 2025 Cybersecurity Developments Under the Trump AdministrationROUTERS Act on the Horizon: U.S. House Passes New Legislation
Last Monday, April 28, 2025, the House passed a bill titled Removing Our Unsecure Technologies to Ensure Reliability and Security (“ROUTERS”) Act (H.R. 866), which directs the Secretary of Commerce to study national security risks and cybersecurity vulnerabilities “posed by consumer routers, modems, and devices that combine a modem and router, that are designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the influence of a covered country.” Similar to some other recent supply chain requirements imposed on federal contractors, the bill defines “covered countries” by reference to 10 U.S.C. 4872, which prohibits the acquisition of sensitive materials from North Korea, Russia, Iran, and China.Continue Reading ROUTERS Act on the Horizon: U.S. House Passes New Legislation
March 2025 Cybersecurity Developments Under the Trump Administration
This is the second blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in March 2025.
Trump Administration Executive Order on Achieving Efficiency
On March 19, 2025, the Trump
Continue Reading March 2025 Cybersecurity Developments Under the Trump AdministrationJanuary and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations
This is the first in a new series of Covington blogs on cybersecurity policies, executive orders, and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in January and February 2025. Below, we outline three developments affecting cybersecurity in January and February 2025, including one from the Biden Administration, which has not been rescinded.
Biden Administration Issues Second Cybersecurity Executive Order
On January 16, in one of the final acts of the Biden Administration, the White House issued Executive Order (”EO”) 14144 on “Strengthening and Promoting Innovation in the Nation’s Cybersecurity.” EO 14144 expands on the National Cybersecurity Strategy and EO 14028, Improving the Nation’s Cybersecurity, which we first previously wrote about here. This new EO requires a range of additional security enhancements to U.S. government and supporting digital infrastructure, including improving accountability for software and cloud service providers, strengthening the security of Federal communications and identity management systems, and promoting innovative developments and use of emerging technologies for cybersecurity across agencies and with the private sector. Continue Reading January and February 2025 Cybersecurity Developments Under the Biden and Trump Administrations
FY2025 NDAA: Congressional Efforts to Bolster U.S. Resilience Against Chinese Tech and Influence
The FY 2025 National Defense Authorization Act (“NDAA”) sustains Congress’s continued focus on countering China’s expanding influence and enhancing U.S. resilience in an era of great power competition. This year’s legislation reflects the practice of carrying the State Department and Intelligence Authorization Acts within the NDAA—marking the third consecutive year that these critical measures have been advanced in tandem. The Foreign Relations and Intelligence Committees in both chambers of Congress have increasingly adopted the Armed Services Committees’ playbook, embedding China-focused legislation modeled on past defense measures in their respective authorizations. This blog examines key provisions designed to address what Congress views as strategic challenges posed by China while closing loopholes that could confer military, economic, or technological advantages to Beijing. We divide these provisions into the following five categories: (1) provisions that address potential security risks linked to Chinese-origin technology; (2) provisions that limit the transfer of U.S. technology or data to China; (3) so-called “time to choose” provisions that curtail Department of Defense (“DoD”) engagement with third parties that engage with China; (4) provisions that tackle a range of broader geopolitical concerns; and (5) studies and reports to identify emerging issues and concerns.
Continue Reading FY2025 NDAA: Congressional Efforts to Bolster U.S. Resilience Against Chinese Tech and Influence
FAR Council Proposes New FAR CUI Rule
On January 15, 2025, the Federal Acquisition Regulation (“FAR”) Council proposed a new FAR Controlled Unclassified Information (“CUI”) rule (“proposed rule”) to establish uniform requirements for handling CUI with broad applicability to solicitations and contracts across the federal government.
The proposed rule, in development for roughly a decade, represents a
Continue Reading FAR Council Proposes New FAR CUI RulePresident Biden signs the National Defense Authorization Act for Fiscal Year 2025
This is the first blog in a series covering the Fiscal Year 2025 National Defense Authorization Act (“FY 2025 NDAA”). This first blog will cover: (1) NDAA sections affecting acquisition policy and contract administration that may be of greatest interest to government contractors; (2) initiatives that underscore Congress’s commitment to strengthening cybersecurity, both domestically and internationally; and (3) NDAA provisions that aim to accelerate the Department of Defense’s adoption of AI and Autonomous Systems and counter efforts by U.S. adversaries to subvert them.
Continue Reading President Biden signs the National Defense Authorization Act for Fiscal Year 2025
November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is part of a series of Covington blogs on the implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken
Continue Reading November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy