Insights

Professional
Practice
Industry
Region
Trending Topics
Location
Type

Sort by:

Client Alerts 15 results

Client Alert | 8 min read | 04.09.24

OMB Releases Final Guidance Memo on the Government’s Use of AI

On March 28, 2024, the Office of Management and Budget (OMB) released Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (Memo), updating and implementing OMB’s November 2023 proposed memorandum of the same name.  The Memo directs agencies “to advance AI governance and innovation while managing risks from the use of AI in the Federal Government.”  In the Memo, OMB focuses on three major areas – strengthening AI governance, advancing responsible AI innovation, and managing risks from the use of AI. 
...

Client Alert | 2 min read | 03.21.24

Software Developments: CISA Finalizes Attestation Form, Triggering Secure Software Development Implementation

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) published an updated Secure Software Development Attestation Form, meaning that producers of software and providers of products containing software used by the federal government may be required to submit their attestations in the very near future. The Attestation Form, first published in April 2023, is a key cog in CISA’s implementation of software supply chain security requirements in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity and OMB Memoranda M-22-18 and M-23-16.
...

Client Alert | 5 min read | 02.08.24

Who I(aa)S Your Foreign Customer? Department of Commerce Proposes Foreign Customer Identification Requirements For U.S. IaaS Providers

On January 29, 2024, the Department of Commerce released a proposed rule:  Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities, which solicits comments regarding a proposed  new set of regulations that would introduce significant new requirements for U.S.-based Infrastructure as a Service (IaaS) providers.  The proposed rule implements requirements from the January 2021 Executive Order Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities and part of the October 2023 Executive Order Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.  If Commerce implements the regulations as proposed, IaaS providers would be required to create a Customer Identification Program (CIP), ensure any foreign resellers maintain a CIP, track all customer identities, verify the identities of foreign customers, and report certain transactions implicating large AI models that could be used for malicious cyber-enabled activities.  The Department is soliciting comments on all aspects of the proposed rule by April 29, 2024.
...

Publications 3 results

Publication | January 2024

Solarwinds Whips Up a Software Cybersecurity Storm

Contract Management Magazine

Publication | 05.24.23

Privacy and Cybersecurity for Retailers in the Metaverse

Retail in the Metaverse and Beyond

Imagine a customer walking into a clothing store. She browses the racks, selects a few items, and asks the sales associate for a dressing room. She walks into the dressing room and tries on the clothes. Then she heads to the counter, pays for some of the items, and leaves.
...

Publication | 03.30.23

The Road To CMMC: Where We Started And Where We Are Headed

Westlaw Today, Reuters

Events 1 result

Event | 01.25.24, 5:00 PM PST - 7:30 PM PST

What Tech Start-Ups Need to Know in the Era of CMMC: Federal Government Contracting Perspectives

The Department of Defense (DOD)’s recent release of the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) has shaken up cybersecurity requirements for companies looking do business with the Federal Government. These emerging requirements become increasingly arduous for startup companies in the technology space – albeit cloud computing, software or artificial intelligence.

Webinars 2 results

Webinar | 01.09.24, 1:00 PM EST - 2:00 PM EST

CMMC Proposed Rule: What to Know

The Department of Defense (DOD) has released the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC). CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks and data theft from its supply chain vendors. As proposed, this program requires every Federal contractor that handles DoD sensitive data to comply with certain cybersecurity controls. CMMC will bring greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with failure to comply. To achieve certification, you’re required to prove that your organization can meet a myriad of security control obligations, a process that can be daunting if you’re not familiar with the policies, procedures, and practices that may be required when the program is finalized.

Webinar | June 6, 2023

Software Supply Chain Security Requirements: Are You Ready?

The Office of Management and Budget (OMB) released Memorandum M-22-18, implementing software supply chain security requirements for federal agencies, and in turn, for government contractors providing software to the government.

Join our Crowell & Moring practitioners as they discuss deadlines approaching this summer and the applicability of OMB’s self-attestation requirements. Crowell will also provide practical insights in implementing the new software security standard, NIST SP 800-218, Secure Software Development Framework, and about completing the Cybersecurity Infrastructure Security Agency’s (CISA) draft Self-Attestation Form. 

Speaking Engagements 2 results