Cybersecurity News

Wave Goodbye to the Waiver Debate: Court Holds Data Breach Investigation Report Not Work Product from the Start May 17, 2025
Litigants in data breach class actions often fight over whether a data breach investigation report prepared in response to the breach is protected by the work-product doctrine. Common areas of dispute include whether the report was prepared in whole or in part for business—not legal—purposes, and whether the report relays facts that are not discernable […]
Alston & Bird
847 Awaiting Takeoff: DCSA Issues Guidance on Expanded Scope of FOCI Assessments May 17, 2025
Section 847, which will expand foreign ownership, control or influence requirements to non-classified contracts, is on track for implementation in 2026. Section 847 of the National Defense Authorization Act for FY 2020 directs the Department of Defense (DoD) to move forward with proposing a new Defense Federal Acquisition Regulation Supplement (DFARS) rule that would expand […]
Pillsbury Winthrop Shaw Pittman LLP
The Digital Download – Alston & Bird’s Privacy & Data Security Newsletter – May 2025 May 17, 2025
Selected U.S. Privacy & Cyber Updates - DOJ Settles False Claims Act Case with MORSECORP over Cybersecurity Program - On March 26, 2025, the U.S. Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. to settle alleged violations of the False Claims Act, specifically involving MORSE’s cybersecurity program.
Alston & Bird
Employees Hiding Use of AI Tools at Work May 17, 2025
A new study by Ivanti illustrates that one out of three workers secretly use artificial intelligence (AI) tools in the workplace. They do so for varying reasons, including “I like a secret advantage,” “My job might be reduced/cut,” “My employer has no AI usage policy,” “My boss might give me more work,” “I don’t want […]
Robinson+Cole Data Privacy + Security Insider
California Privacy Protection Agency Releases Updated Regulations: What’s Next? May 17, 2025
This month, the California Privacy Protection Agency (CPPA) Board discussed updates to the California Consumer Privacy Act (CCPA) draft regulations related to cybersecurity audits, risk assessments, automatic decision-making technology (ADMT), and insurance.
Robinson+Cole Data Privacy + Security Insider
The Importance of Culture in an Effective Cybersecurity Program May 16, 2025
While technology plays a pivotal role in cybersecurity, the human element is equally crucial. An organization's culture can significantly influence the effectiveness of its cybersecurity measures. A strong cybersecurity culture fosters an environment where security is prioritized, and all employees understand their role in protecting the organization’s assets.
Ankura
As the (Customs and Trade) World Turns: May 2025 May 16, 2025
Welcome to the May 2025 issue of “As the (Customs and Trade) World Turns,” our monthly newsletter where we compile essential updates from the customs and trade world over the past month. We bring you the most recent and significant insights in an accessible format, concluding with our main takeaways — aka “And the Fox […]
ArentFox Schiff
EU Cyber Resilience Act: How to Prepare Now May 16, 2025
The EU Cyber Resilience Act (CRA), adopted by the European Parliament in 2024, marks a major milestone in European cybersecurity legislation. As the first EU-wide law focused on the cybersecurity of digital products, it establishes mandatory requirements for manufacturers, importers, and distributors of Products with Digital Elements (PDEs). Its primary goal is to minimize vulnerabilities […]
Mitratech Holdings, Inc
Virginia Will Add to Patchwork of Laws Governing Social Media and Children (For Now?) May 16, 2025
Virginia’s governor recently signed into law a bill that amends the Virginia Consumer Data Protection Act. As revised, the law will include specific provisions impacting children’s use of social media. Unless contested, the changes will take effect January 1, 2026. Courts have struck down similar laws in other states (see our posts about those in […]
Sheppard Mullin Richter & Hampton LLP
The Academic Advisor - Education Law Insights, Issue 4, May 2025 May 16, 2025
Welcome to our fourth issue of The Academic Advisor for 2025. In this edition, we cover the following topics of interest for schools, institutions of higher education, and other education-focused organizations: - How a settlement victory for Maine affects Title IX and state law protections on the basis of gender identity; - The restart of […]
Spilman Thomas & Battle, PLLC

CMMC News

Cybersecurity in the First 100 Days May 2, 2025
This week, the Trump Administration reached the 100-day mark—a significant milestone in any presidential term wherein key administrative priorities and objectives are promulgated. Perhaps unsurprisingly, cybersecurity stands out as an area of heightened focus and attention.
WilmerHale
The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters April 28, 2025
On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed that contractors must continue complying with Revision 2 thanks to a previously issued class deviation.
McCarter & English Blog: Government Contracts & Export Controls
Key Legal Issues Facing U.S. Government Contractors in 2025 April 15, 2025
As the regulatory environment continues to evolve in the new administration, U.S. government contractors are facing an increasingly complex array of legal challenges. Staying compliant and competitive requires close attention to several ongoing legal issues in addition to emerging ones: 1. Cybersecurity Compliance and CMMC Implementation - Cybersecurity remains a top priority for federal agencies, […]
Bradley Arant Boult Cummings LLP
[Webinar] CMMC 2.0 – What All Companies Need to Know About the New Federal Requirements - April 24th, 12:00 pm - 1:15 pm CT April 10, 2025
Please join Vinson & Elkins, Gray Analytics, and keynote speaker Stacy Bostjanick of the Department of Defense (DoD) Office of the Chief Information Officer for a CLE discussing the new Cybersecurity Maturity Model Certification (CMMC) 2.0 program for defense contractors. Among other relevant issues, the CLE will cover the regulatory landscape, legal obligations, and compliance […]
Vinson & Elkins LLP
The Vendor Onboarding Process: Keys to Success April 9, 2025
What Is Vendor Onboarding? Vendor onboarding is the process of establishing a company as an approved provider of technology, goods, or services to your organization. It’s also an essential early step in the vendor risk management lifecycle.
Mitratech Holdings, Inc
Industrials Regulatory News and Trends - April 2025 April 5, 2025
Welcome to Industrials Regulatory News and Trends. In this regular bulletin, DLA Piper lawyers provide concise updates on key developments in the industrials sector to help you navigate the ever-changing business, legal, and regulatory landscape.
DLA Piper
Government Contractor Settles FCA Case Over Cybersecurity Maturity Model Certification Violations April 4, 2025
On March 26, 2025, the Department of Justice (DOJ) entered into a settlement agreement with MORSECORP, Inc. (MORSE), resolving False Claims Act (FCA) allegations that MORSE submitted false claims for payment under Department of Defense (DOD) contracts between January 1, 2018, and February 28, 2023.
Skadden, Arps, Slate, Meagher & Flom LLP
Weekly Update for Government Contractors and Commercial Businesses – April 2025 April 3, 2025
SBA’s 180-Day Recertification Rule: Clarifying the Meaning of “Offer” in Size Determinations - In a recent decision by the U.S. Small Business Administration (SBA) Office of Hearings and Appeals (OHA), the Size Appeal of Secise, LLC, SBA No. SIZ-6337 (Feb. 19, 2025) clarified an important exception to the general rule for determining a firm’s size status. The ruling […]
PilieroMazza PLLC
Crossing Administrations: The Focus on Federal Cybersecurity Continues March 20, 2025
Federal contractors, including defense contractors, should prepare for the emergence of new requirements in the coming months that are designed to strengthen software supply chain security, impose more stringent cybersecurity obligations, combat cybercrime, and encourage the development of more advanced identity verification technology.
Goodwin
DOJ Signals Continued Robust Enforcement of the False Claims Act In the New Administration March 10, 2025
This year, at the Federal Bar Association’s (FBA) annual Qui Tam Conference, United States Department of Justice (DOJ) leadership confirmed that DOJ will remain committed to aggressive enforcement of the False Claims Act (FCA). The FCA has long been used by DOJ and whistleblowers as a tool to root out fraud in government programs. DOJ […]
Morrison & Foerster LLP