Beyond Compliance: DFARs 252.204-7012 Safeguarding Covered Defense Information and Cyber Incident Reporting: A Matter of National Security

The DOD Guidance provides additional information on how they might penalize business partners who fail to adhere to new security rules, including penalties and not being awarded new contracts. Aside from the obvious competitive business reasons to immediately implement the NIST 800-171 security requirements this latest theft of project Sea Dragon data is reminder of the implications to national security. Most of NIST 800-171 is just good cybersecurity hygiene that at a minimum will make contractors harder targets for hostile nation states.

Read More »

SEC Guidance on Public Company Cybersecurity Disclosures

The U.S. Securities and Exchange Commission issued new guidance for public companies to be more forthcoming when disclosing cybersecurity risks, expanding on previous guidance issued in 2011. In addition to warning corporate insiders not to trade shares when they have information about cybersecurity issues that isn’t public, the guidance advised that internal or law enforcement investigations cannot be used as an excuse for not informing the public. The unanimously approved guidance, was published “interpretive guidance,” which the SEC uses to publish their views and interpret the federal securities laws and SEC regulations.

Read More »