This is the thirtieth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to
Cybersecurity
September 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is the twenty-ninth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through August 2023. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during September 2023. Continue Reading September 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
FAR Cyber Threat and Incident Reporting and Information Sharing Rule
Posted in Cybersecurity, Defense Industry
On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, titled “Cyber Threat and Incident Reporting and Information Sharing,” adds new requirements to the cybersecurity incident reporting obligations of federal contractors. The second rule, which we will cover in a separate blog post, is titled “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” and covers cybersecurity contractual requirements for unclassified Federal information systems.
Both rules arise from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts. The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through September 2023. This blog describes key requirements imposed by the proposed “Cyber Threat and Incident Reporting and Information Sharing” rule.Continue Reading FAR Cyber Threat and Incident Reporting and Information Sharing Rule
Key Cyber Security and Software Security Provisions of the House and Senate Versions of the Fiscal Year (FY) 2024 National Defense Authorization Act (NDAA)
Following our recent overview of topics to watch in the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2024, available here, we continue our coverage with a “deep dive” into NDAA provisions related to cybersecurity and software security in each of the Senate and House bills. For the past three years, the NDAA has dedicated a separate Title to cyber and cybersecurity, reflecting the increased importance of these issues in Department of Defense (“DoD”) operations. As expected, both the Senate and House versions of the NDAA bill continue this tradition. Many of the cyberspace related provisions in both chambers’ bills would have direct or indirect impacts on DoD contractors and other members of the Defense Industrial Base (“DIB”). We summarize below the cyber-related provisions that are most likely to impact the DIB. Continue Reading Key Cyber Security and Software Security Provisions of the House and Senate Versions of the Fiscal Year (FY) 2024 National Defense Authorization Act (NDAA)
August 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is the twenty-eighth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through July 2023. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during August 2023. Continue Reading August 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
July 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is the twenty-seventh in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through June 2023. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during July 2023. Continue Reading July 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
June 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is the twenty-sixth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to…
DHS Releases Final Rule on Safeguarding CUI After Six Year Wait
Posted in Cybersecurity
On June 21, 2023, DHS published a final rule that amends the Homeland Security Acquisition Regulation (HSAR) both by modifying the existing regulations through removing and updating existing clauses and by adding new contract clauses to include certain requirements for the safeguarding of Controlled Unclassified Information (CUI). The final rule, first released in proposed form…
May 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is the twenty-fifth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through April 2023. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during May 2023. Continue Reading May 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
April 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy
This is the twenty-fourth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through March 2023. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during April 2023. Continue Reading April 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy