Cybersecurity News

FedRAMP Update – New Approach(es) to Authorization on the Way April 3, 2025
On Monday, March 24, 2025, the General Services Administration (GSA) launched FedRAMP 20x, as an effort to automate parts of the program and create collaboration with the industry to improve authorization process for cloud providers looking to work with the federal government.
Cozen O'Connor
FDIC Removes Roadblocks to Crypto Activities in the Banking Sector April 3, 2025
New FDIC guidance permits crypto activities by supervised institutions without prior approval, emphasizing risk management and compliance with applicable laws and regulations.
Latham & Watkins LLP
DOJ: ‘False Claims Act + Cybersecurity’ Is Here To Stay April 3, 2025
Amid ongoing policy shifts in Washington, the federal government’s interest in pursuing civil cyber-fraud cases appears to be here to stay. In October 2021, the Department of Justice (DOJ) initiated its Civil Cyber-Fraud Initiative focused on using the False Claims Act (FCA) “to combat new and emerging cyber threats to the security of sensitive information […]
Mintz - Privacy & Cybersecurity Viewpoints
Karl Malone Auto Group Files Notice of Recent Data Breach April 3, 2025
On March 31, 2025, KMAM Management LLC d/b/a Karl Malone Auto Group filed a notice of data breach with the Attorney General of New Hampshire after discovering that certain files on the company’s network were acquired without authorization. In this notice, Karl Malone Auto Group explains that the incident resulted in an unauthorized party being […]
Console and Associates, P.C.
Legal Investigations: Digging Deeper into White-Collar Crime and Financial Crime April 2, 2025
White-collar and financial crimes have risen sharply, with the U.S. DOJ reporting a 300% increase in monetary recoveries in 2024. Successful investigations now require a proactive and adaptable approach to detect and prevent fraud, using traditional methods alongside advanced tools like cyber forensics, blockchain analysis, and deep-web intelligence to stay ahead of evolving fraud tactics.
StoneTurn
European Competition Law Newsletter – April 2025 April 2, 2025
UK CMA Imposes Fines for Information Exchanges Affecting Labour Markets - On 21 March 2025, the UK Competition and Markets Authority (CMA) announced fines on four UK broadcast and production companies for engaging in illegal exchanges of information. The case is the CMA’s first competition law infringement decision concerning labour markets.
McGuireWoods LLP
Business resiliency needs to take centerstage if you want to keep pace with cyber threats and supply chain disruptions April 2, 2025
2024 was a year of numerous and notable cybersecurity failures – although, to be fair, most years are now marred by numerous and notable cybersecurity failures. That’s no longer anything special. What makes 2024 interesting is that its biggest cybersecurity incidents weren’t just compliance failures; they were operational failures of the highest order.
NAVEX
Navigating AI Governance and Security in the Age of Generative AI April 2, 2025
On 26 March 2025, K2 Integrity hosted a webinar discussing generative AI, its associated risks, governance strategies, and the future trajectory of AI adoption. The webinar featured Jason Straight, senior managing director and leader of the Cyber Resilience and Digital Investigations practice at K2 Integrity; Maggie Rose, vice president of client solutions at K2 Integrity; […]
K2 Integrity
Federal “Information Silos” Protect Privacy - A New Executive Order Threatens Them April 2, 2025
On March 20, President Trump signed an Executive Order titled Stopping Waste, Fraud, and Abuse by Eliminating Information Silos, which calls for federal officials “to have full and prompt access to all unclassified agency records, data, software systems, and information technology systems…for purposes of pursuing Administration priorities related to the identification and elimination of waste, […]
Lathrop GPM
Banking Agencies Begin Publishing Updated Crypto Guidance April 2, 2025
On March 28, the Federal Deposit Insurance Corporation (FDIC) rescinded Biden administration guidance related to state-chartered banks' participation in "crypto-related activities" and published a new interpretation of the scope of permissible crypto activity for the insured depository institutions for which it is the primary regulator (the Crypto Letter). As discussed below, while similar to guidance issued by […]
Katten Muchin Rosenman LLP

CMMC News

Crossing Administrations: The Focus on Federal Cybersecurity Continues March 20, 2025
Federal contractors, including defense contractors, should prepare for the emergence of new requirements in the coming months that are designed to strengthen software supply chain security, impose more stringent cybersecurity obligations, combat cybercrime, and encourage the development of more advanced identity verification technology.
Goodwin
DOJ Signals Continued Robust Enforcement of the False Claims Act In the New Administration March 10, 2025
This year, at the Federal Bar Association’s (FBA) annual Qui Tam Conference, United States Department of Justice (DOJ) leadership confirmed that DOJ will remain committed to aggressive enforcement of the False Claims Act (FCA). The FCA has long been used by DOJ and whistleblowers as a tool to root out fraud in government programs. DOJ […]
Morrison & Foerster LLP
Navigating CMMC Compliance and Key Insights from the National 8(a) Small Business Conference February 26, 2025
The recent National 8(a) Small Business Conference underscored pressing challenges and critical updates regarding the Cybersecurity Maturity Model Certification (CMMC) Program, now in an advanced phase known as CMMC 2.0. The conference highlighted the growing urgency for Department of Defense (DoD) contractors to achieve CMMC compliance amidst a significant shortage of qualified assessors.
Womble Bond Dickinson
DOJ Officials Commit to Aggressive FCA Enforcement, Signal Its Value and Direction February 25, 2025
In remarks delivered at the Federal Bar Association’s (FBA) annual Qui Tam Section Conference, Deputy Assistant Attorney General Michael Granston reiterated the US Department of Justice’s (DOJ or the Department) commitment to robust enforcement of the federal False Claims Act (FCA). The message to conference attendees was clear: the fraud section’s “return on investment” makes […]
Morgan Lewis
New CMMC 2.0 Guidance Issued February 20, 2025
The Department of Defense (DoD) recently issued a memo titled, "Implementing the Cybersecurity Maturity Model Certification (CMMC) Program: Guidance for Determining Appropriate CMMC Compliance Assessment Levels and Process for Waiving CMMC Assessment Requirements." The memo reinforces existing information regarding the Controlled-Unclassified Information (CUI)-centric cybersecurity program but also brings into the fold some interesting points the […]
Morris, Manning & Martin, LLP
What CMMC Level Do I Need? The Department of Defense Issues New Guidance for Determining Appropriate CMMC Compliance Level February 19, 2025
The Department of Defense (“DOD”) recently issued new guidance outlining how it will determine Cybersecurity Maturity Model Certification (“CMMC”) levels for its solicitations and contracts. Prior to this guidance, contractors generally understood that contracts with only Federal Contract Information (“FCI”) would require a CMMC Level 1 self-assessment; contracts with Controlled Unclassified Information (“CUI”) would require […]
Blank Rome LLP
[Webcast Transcript] Protect Sensitive Data and Control Costs: An eDiscovery Blueprint for the Construction Industry February 7, 2025
Editor’s Note: The recent HaystackID® webcast, “Protect Sensitive Data and Control Costs: An eDiscovery Blueprint for the Construction Industry,” explored the challenges of managing vast and complex construction data while ensuring compliance and cost control. Experts shared insights on leveraging AI-driven solutions, including generative AI (GenAI), domain analysis, and technology-assisted review (TAR), to streamline document […]
HaystackID
What’s New – FAR Council Publishes Proposed Rules Concerning CUI and OCIs February 5, 2025
On January 15, 2025, the Federal Acquisition Regulatory Council (FAR Council) proposed two significant rule changes that could reshape compliance obligations for government contractors: one establishing standardized safeguards for Controlled Unclassified Information (CUI) and another updating the framework for addressing organizational conflicts of interest (OCI). These proposed rules aim to bring long-needed clarity and consistency […]
White & Case LLP
All is Fair in Love and Trade War: Valentine's Day Predictions for What Comes Next in U.S. National Security Law January 31, 2025
As we head toward Valentine’s Day 2025, everywhere you look, love is all around. Washington, D.C., is no exception—the White House and government agencies seem to be proudly displaying their ardor for changing the country’s national security policies and practices.
Wilson Sonsini Goodrich & Rosati
At Long Last – The FAR CUI Rule is Here! January 30, 2025
The wait is finally over! After more than 14 years of anticipation, the Federal Acquisition Regulation (“FAR”) Proposed Rule on Controlled Unclassified Information (“CUI”) was released on January 15, 2025 and comes as part of the Government’s broader efforts to identify, detect, and respond to ever-evolving threats targeting Federal contractors.
Sheppard Mullin Richter & Hampton LLP