No Post-Thanksgiving Break for Cyber – DoD and NIST Publish New Guidance
Client Alert | 1 min read | 12.01.17
Both the Department of Defense and National Institute of Standards & Technology (NIST) have put pen to paper and provided new information for contractors looking to comply with DFARS 252.204-7012 and its accompanying cybersecurity requirements under NIST Special Publication (SP) 800-171. Earlier this week, the DoD posted guidance explaining that contractors can still use system security plans (SSPs) under the original version of NIST SP 800-171 to “document implementation” under the DFARS Clause, despite that version not including SSPs as a security control requirement. Separately, NIST published a draft of NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information, providing guidance to both contractors and their customers regarding how to conduct assessments under NIST SP 800-171. Importantly, the draft is open to comment through December 27, 2017, providing contractors with a unique opportunity to weigh in on how their customers may ultimately judge compliance with the DFARS Clause’s security requirements.
Insights
Client Alert | 3 min read | 09.17.25
On August 8, 2025, the Attorneys General of 23 Republican-led U.S. states (the “AGs”) sent a letter to Science Based Targets Initiative (“SBTi”), a U.K. non-profit climate organization, expressing concern with the SBTi’s climate initiatives.[1]SBTi had previously received a subpoena from Florida Attorney General James Uthmeier in connection with his office’s investigation into what he described as a “climate cartel,” which he alleges includes SBTi and CDP (formerly the Carbon Disclosure Project).[2]
Client Alert | 4 min read | 09.17.25
Client Alert | 5 min read | 09.16.25
Bucking the Odds: Why Technology Companies Should Embrace Software Patents Today
Client Alert | 4 min read | 09.16.25