The new DoD cybersecurity regulations require contractors to implement the security requirements specified by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” not later than Dec. 31, 2017. DFARS 252.204-7008(c)(1).

However, a contractor may propose to vary from the NIST SP 800-171 requirements under two circumstances. Under DFARS 252.204-7008(c)(2), a contractor may propose to vary from the security requirements specified by NIST SP 800-171 through a
Continue Reading Will the New DoD Cybersecurity Regulations Cause a New Wave of Protest Disputes?

The U.S. Department of Defense published its Network Penetration Reporting and Cloud Computing Services regulations as an interim rule in August 2015 and updated them in December 2015. Watch this new webinar replay at your convenience to learn about the regulations, how they may impact your business, and the concerns of industry groups.

 
Continue Reading Webinar Replay Now Available on the New Defense Department Cybersecurity Rules

On June 4, 2015, the Office of Personnel Management announced that personally identifiable information for 4 million current and retired U.S. Government employees had been breached. China was suspected of having facilitated the breach.

Two weeks later, after the number of data breach victims had risen to 14 million, the National Institute of Standards and Technology (NIST) published its new Guidelines for Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171.

We published our
Continue Reading Did China’s Agreement Not to Steal U.S. Intellectual Property Influence the Defense Department’s Decision to Grant a Two-Year Extension for Contractors to Comply with NIST SP 800-171’s Guidelines for Protecting Controlled Unclassified Information?

You need cyber insurance to protect your organization from the potentially devastating financial harm that often follows a data breach, and to protect your brand and guard your reputation. Cyber insurance can help your organization survive a breach and pay the cost to notify customers of the breach and offer them credit monitoring services, defend your organization from class action lawsuits by customers, banks / credit card companies, and shareholders, and defend government investigations and enforcement proceedings. There are no standard-form
Continue Reading Cyber Insurance Buyer’s Guide

A review of corporate indemnities and D&O insurance should be a top priority for executives in order to mitigate the oftentimes significant cost of Government investigations and prosecutions. The D&O analysis should also consider the purchase of excess difference-in-conditions D&O insurance.

Many corporate executives, including directors, believe they would be fully indemnified from the cost of defending against a Government investigation or prosecution. They find solace in articles of incorporation or bylaws that require their corporations to fully indemnify them from
Continue Reading It’s Time for Executives to Check Their Corporate Indemnities and D&O Insurance