1. Home
  2. |Insights
  3. |NIST Now "King of the Hill" on Cyber Standards

NIST Now "King of the Hill" on Cyber Standards

Client Alert | 1 min read | 05.14.13

Following its key cyber role in President Obama's Executive Order No. 13636 issued this February, the National Institute of Standards and Technology (NIST) again seized the reins on federal cybersecurity standards on April 30, issuing the 457-page tome, Security and Privacy Controls for Federal information Systems and Organizations, that not only provides the "most comprehensive update" of the core information security controls, but also cuts new ground for cybersecurity standards governing mobile and cloud computing technology, applications security, supply chain protection, advanced persistent threats, and privacy controls for federal agencies and contractors. While some critics have sought to brush back prior NIST standards as too voluminous and technically dense, this latest publication underscores NIST's increasing dominance over cyber standards, as shown by both DoD and the Office of the Director of National Intelligence embracing this NIST update, thus paving the way for federal agencies to flow down new and expanded security standards to government contractors consistent with the executive order's directive to the FAR Council.


Insights

Client Alert | 2 min read | 07.15.26

CMMC Phase II Suspension Requires Reconsideration of Such Requirements in Solicitations

As discussed in more detail here, the U.S. Department of War (DoW) recently issued a memorandum (Memo 26-P-1023, dated July 13, 2026) directing the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements (Level I and II self assessments are still permitted). Significantly, the memo directs that “all pending and future CMMC implementation milestones across DoW solicitations and contracts are held in abeyance until further notice.” Moreover, the DoW issued a memorandum on implementing these requirements (available here), directing agencies to issue amendments removing CMMC Level 2 and 3 requirements from active solicitations “as soon as practicable.” Contractors should monitor the government’s compliance with this requirement and should be prepared, if needed, to file a bid protest to protect their rights....