DOD Proposed New Cybersecurity Rules

Client Alert | 1 min read | 03.08.10

On March 3, DoD issued a notice of, and requested comments on, proposed rules levying information security requirements for safeguarding unclassified "DoD information" and reporting security breaches when contractors and subcontractors may have such information "resident on or transiting" their information systems. The proposed rule not only mandates that contractors "shall provide adequate security to safeguard DoD information," but also (1) requires flowdown to subcontractors; (2) establishes extreme standards in some areas (e.g., "best level of security and privacy available"); (3) incorporates National Institute of Standards and Technology (NIST) standards in some areas, but not others; and (4) acknowledges that the contractor will still need to comply with all other applicable security standards, such as "CPI, PII, For Official Use Only, Privacy Act, ITAR, EAR, and HIPAA."

Contacts

Adelicia R. Cliffe
Partner
She/Her/Hers
- Washington, D.C.
  - D | +1.202.624.2816
YWNsaWZmZUBjcm93ZWxsLmNvbQ==

Insights

Client Alert | 5 min read | 12.02.25

CARB Delays Enforcement of California’s Climate-Related Financial Risk Report Law (SB 261) and Issues New Guidance on Climate Disclosure Requirements in SB 261 and SB 253

As we have reported previously, California has enacted a pair of climate-related reporting laws that apply to large entities doing business in California (SB 253 and SB 261, as modified by SB 219). This alert provides an update on only the most recent events; please see previous alerts for a broader overview of the laws’ requirements....

Client Alert | 11 min read | 12.01.25
EU AI Act, GDPR, and Digital Laws Changes Proposed
Client Alert | 5 min read | 12.01.25
FRCP 16.1 Now in Play for MDLs—Game Changer or Not?
Client Alert | 6 min read | 11.26.25
From ‘Second’ to ‘First:’ Federal Circuit Tackles Obvious Claim Errors

View All Insights