DOD Proposed New Cybersecurity Rules

Client Alert | 1 min read | 03.08.10

On March 3, DoD issued a notice of, and requested comments on, proposed rules levying information security requirements for safeguarding unclassified "DoD information" and reporting security breaches when contractors and subcontractors may have such information "resident on or transiting" their information systems. The proposed rule not only mandates that contractors "shall provide adequate security to safeguard DoD information," but also (1) requires flowdown to subcontractors; (2) establishes extreme standards in some areas (e.g., "best level of security and privacy available"); (3) incorporates National Institute of Standards and Technology (NIST) standards in some areas, but not others; and (4) acknowledges that the contractor will still need to comply with all other applicable security standards, such as "CPI, PII, For Official Use Only, Privacy Act, ITAR, EAR, and HIPAA."

Contacts

Adelicia R. Cliffe
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2816
YWNsaWZmZUBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 4 min read | 04.02.26

FTC Announces New Health Care Task Force

In a development likely to ramp up regulatory pressure on an industry already under significant federal scrutiny, Federal Trade Commission (FTC) Chairman Andrew Ferguson recently directed leaders across his agency to launch a team dedicated to cooperatively advancing enforcement and advocacy activities relevant to health care....

Client Alert | 7 min read | 04.02.26
Reducing Your Exposure: Liability Limitations for Cybersecurity-Compliant Organizations
Client Alert | 4 min read | 04.01.26
Supreme Court Rejects “Mere Knowledge” Standard for Contributory Copyright Infringement in Cox v. Sony, Reverses $1 Billion Judgment Against Cox
Client Alert | 5 min read | 04.01.26
OPO Hospital Waiver Litigation: Trends and Takeaways

View All Insights