Cybersecurity News

FinReg Currents - Week 11 April 4, 2025
On April 1, 2025, the House Financial Services Committee issued a press release regarding a number of Committee requests to various federal agencies for rescission, modification, or re-proposal of specific Biden Administration financial services-related actions. With regard to the CFPB, the Committee has sent two letters to Acting Director Russell Vought.
Morrison & Foerster LLP
Will the SEC Retract Its Cybersecurity Disclosure and Pay vs. Performance Rules? April 4, 2025
Earlier this week, Republican members of the House Committee on Financial Services sent this letter to the SEC asking that it retract a total of 14 adopted – and proposed – rules. Among this list are two that Corp Fin ushered through the rulemaking process over the past few years: the cybersecurity disclosure rules and […]
Cooley LLP
Update: DOJ and CISA Issue New National Security Program to Regulate Foreign Access to Sensitive Data April 4, 2025
On January 8, 2025, the U.S. Department of Justice (Department or DOJ) issued new rules required by then-President Biden’s February 2024 Executive Order (EO) 14117 to establish a new regulatory framework aimed at “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.”
Wiley Rein LLP
What DeepSeek Can Teach Legal Teams About Creating Stronger GenAI Policies April 4, 2025
The instant popularity of China’s DeepSeek-V3 generative artificial intelligence model underscores why companies should craft stronger GenAI policies that minimize the risks of employees exposing sensitive data, violating compliance regulations, and harming their companies’ brand images. Originally published in Today's General Counsel - April 2, 2025.
Rumberger | Kirk
Rebranding of SEC Cyber Unit Reflects Shift in Enforcement Priorities April 4, 2025
On Thursday, February 20, the U.S. Securities and Exchange Commission (“SEC”) announced that it created a Cyber and Emerging Technologies Unit (“CETU”) to combat cyber-focused financial misconduct. The announcement reflects a (re)rebranding of the unit and forecasts a shift in the SEC’s overall regulatory and enforcement priorities. The Cyber Unit, originally established by the SEC […]
King & Spalding
Latest FCA Cybersecurity Settlement Shows Enforcement Remains a Priority Under Trump Administration April 4, 2025
Share on Twitter Print Share by Email Share Back to top A recent United States Department of Justice (DOJ) announcement reinforces that enforcement of cybersecurity requirements under the False Claims Act (FCA) remains an ongoing risk. According to the press release, defense contractor MORSECORP Inc. (MORSE) agreed to pay US$4.6 million to resolve a FCA […]
Foley & Lardner LLP
CISA Issues Malware Analysis Report on RESURGE Malware April 4, 2025
On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which is associated with the product Ivanti Connect Secure.
Robinson+Cole Data Privacy + Security Insider
Charting a Human-Centered Future in the Age of Artificial Intelligence: Part Two April 4, 2025
The Historical Context of Technological Revolutions - “I think that human beings have gotten as far as we've gotten because of our adaptability, our ability to adapt, and our ability to dovetail our technologies - our brains to our tools. With the Industrial Revolution, we transcended the limits of our muscles.
Morris, Manning & Martin, LLP
Kelly Benefits Notifies Guardian Life Insurance Customers of Data Breach Affecting Their Sensitive Information April 3, 2025
On April 1, 2025, Kelly & Associates Insurance Group, Inc. d/b/a Kelly Benefits (“Kelly Benefits”) filed a notice of data breach with the Attorney General of Massachusetts after discovering that its network was subject to unauthorized access. In this notice, Kelly Benefits explains that the incident resulted in an unauthorized party being able to access […]
Console and Associates, P.C.
Low-Budget, High-Impact Ways to Reduce Privacy and Cybersecurity Risks in 2025‎ April 3, 2025
1. Know What Laws Apply to your Organization It’s not surprising many leaders are unsure about which new laws or regulations apply to their organization. Privacy and security laws, particularly in the U.S., have changed dramatically in the last few years. As a business grows, expands into new states or countries, adds new services, or […]
Schwabe, Williamson & Wyatt PC

CMMC News

Weekly Update for Government Contractors and Commercial Businesses – April 2025 April 3, 2025
SBA’s 180-Day Recertification Rule: Clarifying the Meaning of “Offer” in Size Determinations - In a recent decision by the U.S. Small Business Administration (SBA) Office of Hearings and Appeals (OHA), the Size Appeal of Secise, LLC, SBA No. SIZ-6337 (Feb. 19, 2025) clarified an important exception to the general rule for determining a firm’s size status. The ruling […]
PilieroMazza PLLC
Crossing Administrations: The Focus on Federal Cybersecurity Continues March 20, 2025
Federal contractors, including defense contractors, should prepare for the emergence of new requirements in the coming months that are designed to strengthen software supply chain security, impose more stringent cybersecurity obligations, combat cybercrime, and encourage the development of more advanced identity verification technology.
Goodwin
DOJ Signals Continued Robust Enforcement of the False Claims Act In the New Administration March 10, 2025
This year, at the Federal Bar Association’s (FBA) annual Qui Tam Conference, United States Department of Justice (DOJ) leadership confirmed that DOJ will remain committed to aggressive enforcement of the False Claims Act (FCA). The FCA has long been used by DOJ and whistleblowers as a tool to root out fraud in government programs. DOJ […]
Morrison & Foerster LLP
Navigating CMMC Compliance and Key Insights from the National 8(a) Small Business Conference February 26, 2025
The recent National 8(a) Small Business Conference underscored pressing challenges and critical updates regarding the Cybersecurity Maturity Model Certification (CMMC) Program, now in an advanced phase known as CMMC 2.0. The conference highlighted the growing urgency for Department of Defense (DoD) contractors to achieve CMMC compliance amidst a significant shortage of qualified assessors.
Womble Bond Dickinson
DOJ Officials Commit to Aggressive FCA Enforcement, Signal Its Value and Direction February 25, 2025
In remarks delivered at the Federal Bar Association’s (FBA) annual Qui Tam Section Conference, Deputy Assistant Attorney General Michael Granston reiterated the US Department of Justice’s (DOJ or the Department) commitment to robust enforcement of the federal False Claims Act (FCA). The message to conference attendees was clear: the fraud section’s “return on investment” makes […]
Morgan Lewis
New CMMC 2.0 Guidance Issued February 20, 2025
The Department of Defense (DoD) recently issued a memo titled, "Implementing the Cybersecurity Maturity Model Certification (CMMC) Program: Guidance for Determining Appropriate CMMC Compliance Assessment Levels and Process for Waiving CMMC Assessment Requirements." The memo reinforces existing information regarding the Controlled-Unclassified Information (CUI)-centric cybersecurity program but also brings into the fold some interesting points the […]
Morris, Manning & Martin, LLP
What CMMC Level Do I Need? The Department of Defense Issues New Guidance for Determining Appropriate CMMC Compliance Level February 19, 2025
The Department of Defense (“DOD”) recently issued new guidance outlining how it will determine Cybersecurity Maturity Model Certification (“CMMC”) levels for its solicitations and contracts. Prior to this guidance, contractors generally understood that contracts with only Federal Contract Information (“FCI”) would require a CMMC Level 1 self-assessment; contracts with Controlled Unclassified Information (“CUI”) would require […]
Blank Rome LLP
[Webcast Transcript] Protect Sensitive Data and Control Costs: An eDiscovery Blueprint for the Construction Industry February 7, 2025
Editor’s Note: The recent HaystackID® webcast, “Protect Sensitive Data and Control Costs: An eDiscovery Blueprint for the Construction Industry,” explored the challenges of managing vast and complex construction data while ensuring compliance and cost control. Experts shared insights on leveraging AI-driven solutions, including generative AI (GenAI), domain analysis, and technology-assisted review (TAR), to streamline document […]
HaystackID
What’s New – FAR Council Publishes Proposed Rules Concerning CUI and OCIs February 5, 2025
On January 15, 2025, the Federal Acquisition Regulatory Council (FAR Council) proposed two significant rule changes that could reshape compliance obligations for government contractors: one establishing standardized safeguards for Controlled Unclassified Information (CUI) and another updating the framework for addressing organizational conflicts of interest (OCI). These proposed rules aim to bring long-needed clarity and consistency […]
White & Case LLP
All is Fair in Love and Trade War: Valentine's Day Predictions for What Comes Next in U.S. National Security Law January 31, 2025
As we head toward Valentine’s Day 2025, everywhere you look, love is all around. Washington, D.C., is no exception—the White House and government agencies seem to be proudly displaying their ardor for changing the country’s national security policies and practices.
Wilson Sonsini Goodrich & Rosati