Cybersecurity

Last week, the U.S. Cybersecurity and Infrastructure Security Agency released guidance on Security-by-Design and Security-by-Default principles for technology manufacturers that was jointly developed by the Federal Bureau of Investigation and the National Security Agency, as well as cybersecurity authorities in Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand.  The guidance builds on the White

This is the twenty-second in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through January 2023.  This blog describes key actions taken to implement the Cyber EO during February 2023.

Continue Reading February 2023 Developments Under President Biden’s Cybersecurity Executive Order

This is the twenty-first in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through December 2022.  This blog describes key actions taken to implement the Cyber EO during January 2023.

Continue Reading January 2023 Developments Under President Biden’s Cybersecurity Executive Order

This is the twentieth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blogsummarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through November 2022.  This blog describes key actions taken to implement the Cyber EO during December 2022.

Continue Reading December 2022 Developments Under President Biden’s Cybersecurity Executive Order

On January 19, 2023, the National Institute of Standards and Technology (“NIST”) published a Concept Paper setting out “Potential Significant Updates to the Cybersecurity Framework” and requesting public feedback and comments on the proposed revisions by March 3, 2023.  Originally released in 2014 and previously updated in 2018, the NIST CSF is a framework

On December 23, 2022, President Biden signed the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (the “FY2023 NDAA”) into law.  As described in Covington’s Client Alert, FY23 NDAA: Provisions of Interest for Almost All Government Contractors, the FY23 NDAA contains provisions of interest for almost all U.S. Government contractors.  One provision likely to be of particular interest to U.S. contractors who provide or plan to provide cloud computing services to the U.S. Government is the FedRAMP Authorization Act (the “Act”), which codifies the Federal Risk and Authorization Management Program (“FedRAMP”).

Of note, the Act creates a “presumption of adequacy” that cloud providers with authorization from one agency can use that authorization with other agencies. This is an expansion compared to the current process which allows authorizations by the FedRAMP Joint Authorization Board, but not authorizations from individual agencies, to serve as the basis for an agency’s own authorization process.  It also creates the Federal Secure Cloud Advisory Committee, comprised of 15 members of the public and private sector, to provide recommendations regarding FedRAMP and the acquisition of cloud services more generally.

Continue Reading FY2023 NDAA Makes Notable Changes to FedRAMP Program

This is the nineteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to

By: Robert Huffman, Susan Cassidy, Michael Wagner, Ryan Burnette, and Emma Merrill

This is the seventeenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and

This is the sixteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the cyber EO from June 2021 through July 2022.  This blog describes key actions taken to implement the Cyber EO during August 2022.

Continue Reading August 2022 Developments Under President Biden’s Cybersecurity Executive Order

On September 12, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) published a Request for Information, seeking public comment on how to structure implementing regulations for reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”).  Written comments are requested on or before November 14, 2022 and may be submitted through the Federal eRulemaking Portal: http://www.regulations.gov.

Continue Reading CISA Requests Public Comment on Implementing Regulations for the Cyber Incident Reporting for Critical Infrastructure Act