Cybersecurity News

GSA's New CUI Requirements: What Government Contractors Need to Know March 6, 2026
The U.S. General Services Administration (GSA) on January 5, 2026, quietly introduced a new cybersecurity compliance framework that will significantly reshape the information technology (IT) obligations of thousands of federal contractors that handle, process or store Controlled Unclassified Information (CUI).
Holland & Knight LLP
NYDFS Revises Prescriptive FAQs on Multifactor Authentication March 6, 2026
Two months after the New York Department of Financial Services (“NYDFS”) updated its Frequently Asked Questions (“FAQs”), which we wrote about here, NYDFS has released updated FAQs on multifactor authentication (“MFA”) that further clarify 23 NYCRR § 500.12.
Alston & Bird
A Compliance Wave is Coming: Data Brokers Brace for DROP Deletion Requests Under the Delete Act March 6, 2026
Data brokers are lining up to comply with California’s one-stop deletion tool requirement under the Delete Act, and the numbers signal a major shift in how privacy rights may be exercised and enforced in California starting this summer.
Robinson+Cole Data Privacy + Security Insider
Privacy Tip #482 – ShinyHunters Hits Wynn Resorts March 6, 2026
ShinyHunters continues to wreak havoc against well-known brands; most recently, Wynn Resorts. Wynn Resorts has confirmed that “an unauthorized third party acquired certain employee data.” It is believed that the threat actor was ShinyHunters. Fortunately for Wynn, the incident is not affecting its operations, and its resorts remain fully functional.
Robinson+Cole Data Privacy + Security Insider
Beyond the Games: The Overlooked Sexual Abuse and Trafficking Risks of Mega-Sporting Events March 6, 2026
Global sporting events such as the Olympic Games and FIFA World Cup generate extraordinary commercial opportunities and equally extraordinary corporate scrutiny. Companies often focus their risk planning on cybersecurity, brand protection, labor practices, and physical security. Far less frequently do they treat sexual abuse, sexual exploitation, and human trafficking as core enterprise risks tied to […]
Morgan Lewis
SBIR/STTR Programs Revived with Some Notable Changes March 6, 2026
The Senate has finally reached an agreement to reauthorize the Small Business Innovation Research (“SBIR”) and Small Business Technology Transfer (“STTR”) programs after a five‑month lapse and significant uncertainty about the future of the programs. On March 3, 2026, the Senate passed the Small Business Innovation and Economic Security Act (the “Act”), which, if enacted, […]
Morrison & Foerster LLP - Government Contracts Insights
Private Equity Year in Review 2025 March 6, 2026
We are excited to share the Cooley private equity (PE) annual recap highlighting a year marked by evolving market and regulatory conditions and sustained optimism across the PE landscape.
Cooley LLP
Black boxes, white coats and red tape: Regulating the use of AI in drug development March 6, 2026
AI systems are being used throughout the medicines lifecycle to analyse large volumes of data. These systems often rely on complex, opaque model architectures that autonomously train on large data sets, presenting unique risks.
Ropes & Gray LLP
Connecticut’s Proposed Revisions to Data Breach Statute March 6, 2026
Connecticut’s attorney general wants “the tea” on your data breaches – even if it means taking matters into their own hands.
BakerHostetler
March 2026 Investment Adviser Compliance Checklist March 6, 2026
The Investment Advisers Act of 1940 (the “Advisers Act”) is a relatively compact statute, and for many years the U.S. Securities and Exchange Commission (SEC) adopted relatively few regulations specifically targeting Advisers Act compliance. This changed quite dramatically during the previous administration, as registered advisers and even firms relying on registration exemptions became increasingly subject […]
Morrison & Foerster LLP

CMMC News

GSA's New CUI Requirements: What Government Contractors Need to Know March 6, 2026
The U.S. General Services Administration (GSA) on January 5, 2026, quietly introduced a new cybersecurity compliance framework that will significantly reshape the information technology (IT) obligations of thousands of federal contractors that handle, process or store Controlled Unclassified Information (CUI).
Holland & Knight LLP
Cybersecurity & Privacy 2026: Enforcement & Regulatory Trends March 5, 2026
Privacy and cybersecurity developments in 2025 were driven by ongoing regulatory development and enforcement. In the United States, federal and state authorities advanced detailed security, audit, and reporting frameworks. Across the United Kingdom, European Union, and Middle East, resilience and data governance remained core priorities, while China and other Asia-Pacific jurisdictions expanded incident reporting, cross-border […]
Morgan Lewis
Weekly Update for Government Contractors and Commercial Businesses – March 2026 March 5, 2026
Congress Searches for Shutdown Off-Ramp As DHS Employees Start Missing Pay, Government Executive - Republicans are renewing their push to fully fund and reopen the Homeland Security Department, suggesting the war the United States launched against Iran over the weekend has heightened the need to end the single-agency shutdown that entered its third week on […]
PilieroMazza PLLC
Trust Issues: March 2026 March 4, 2026
Entities engaged in commonplace adtech data enrichment practices involving the "sale" of personal information to third parties may be data brokers under the California Delete Act and related Delete Request and Opt-Out Platform (DROP) regulations.
Davis Wright Tremaine LLP
False Claims Act Year In Review: 2025 Trends And What’s Ahead In 2026 March 4, 2026
Fiscal year (FY) 2025 was a consequential enforcement year for the False Claims Act (FCA), according to a recent United States Department of Justice (DOJ) release. Settlements and judgments exceeded $6.8 billion, more than doubling FY 2024 and surpassing the prior record set in 2021. Healthcare and life sciences dominated enforcement, accounting for approximately $5.7 […]
DLA Piper
‘All in all, it’s just another brick in the wall’: GSA Attempts to Rebuild the CUI Assessment Process for Civilian Contractors February 26, 2026
Hopefully, you have already read our prior post about the General Services Administration’s (GSA) updated guide (the Guide) for protecting Controlled Unclassified Information (CUI). We quote some Bob Dylan, provide a brief overview of the Guide and highlight some key takeaways for contractors. As promised, this is Part 2 of our series on the Guide, […]
BakerHostetler
Weekly Update for Government Contractors and Commercial Businesses – February 2026 #4 February 26, 2026
Sending Out An SOS for the LOS - The limitations on subcontracting, or LOS, is a fundamental requirement of set-aside contracting. Historically, however, the LOS has not received as much attention as other set-aside compliance obligations that are more regularly the focus of audits, enforcement actions, and protests. But that changed with recent high-profile audits […]
PilieroMazza PLLC
Eye on Privacy - 2025 Year In Review February 25, 2026
As we close out January 2026, 2025 is firmly in the rearview mirror. And what a roller coaster it was. From AI developments to US state enforcement and legislation, it was a hard one to keep up with! The ground shifted under our feet in a way that will inform the rest of 2026 and […]
Sheppard
DoD Reorganizes Cybersecurity Clauses in Follow up to FAR ‘Overhaul’ February 25, 2026
On Dec. 18, 2025, the Department of Defense (DoD) issued deviations to over half of the Defense Federal Acquisition Regulation Supplement (DFARS) Parts, all of which became effective Feb. 1, 2026. Two days later, DoD issued a deviation for DFARS Part 204, which became effective Feb. 17.
Miles & Stockbridge P.C.
[Webinar] CMMC Mission Readiness: Navigating Growth, Costs, and Competition for Defense Contractors - March 11th, 2:00 pm - 3:00 pm EDT February 25, 2026
The Cybersecurity Maturity Model Certification (CMMC) is now a business reality for defense contractors—and how contractors respond will directly impact growth, pricing, and competitive positioning. With CMMC Phase 1 now formally implemented, contractors that process, store, or transmit Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) must understand not only what compliance requires, but […]
PilieroMazza PLLC