1. Home
  2. |Insights
  3. |UPDATE: [Close of Comments on Commerce Cyber Rule]

UPDATE: [Close of Comments on Commerce Cyber Rule]

Client Alert | 1 min read | 01.20.22

On January 12, 2022 the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a federal register notice delaying the effective date of new controls on cybersecurity items and an accompanying new license exception. The rules are now set to take effect on March 7, 2022.

The new controls were published in an interim final rule on October 21, 2021, please see our earlier client alert on this. Broadly speaking, they cover (a) items, including software, for the generation, command and control, or delivery of intrusion software and (b) internet protocol (IP) network communication surveillance equipment. BIS delayed the implementation to give industry additional time to comply with the new restrictions as well as update internal compliance procedures, and to provide BIS itself time to provide additional guidance on the rule. BIS may also consider some modifications to the rule, but is not reopening the comment period and these modifications based on the latest comments will most likely be made, if at all, sometime after the new effective date for the interim final rule.

Contacts

Insights

Client Alert | 2 min read | 07.15.26

CMMC Phase II Suspension Requires Reconsideration of Such Requirements in Solicitations

As discussed in more detail here, the U.S. Department of War (DoW) recently issued a memorandum (Memo 26-P-1023, dated July 13, 2026) directing the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements (Level I and II self assessments are still permitted). Significantly, the memo directs that “all pending and future CMMC implementation milestones across DoW solicitations and contracts are held in abeyance until further notice.” Moreover, the DoW issued a memorandum on implementing these requirements (available here), directing agencies to issue amendments removing CMMC Level 2 and 3 requirements from active solicitations “as soon as practicable.” Contractors should monitor the government’s compliance with this requirement and should be prepared, if needed, to file a bid protest to protect their rights....