Security Regulation

FAR Council Issues Rule on Basic Safeguarding of Covered Contractor Information Systems

By Stewart Baker on May 26, 2016

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

On May 16, four years after issuing a proposed rule, the FAR Council issued a final cybersecurity-related rule that reaches deep into the supply chain and is applicable to virtually all government contractors and subcontractors. The rule establishes a new FAR subpart 4.19 and a clause 52.204-21, both of which are entitled “Basic Safeguarding of Covered Contractor Information Systems.” The rule is effective for solicitations issued on or after June 15, 2016. A copy is available here.
Continue Reading FAR Council Issues Rule on Basic Safeguarding of Covered Contractor Information Systems

Steptoe Cyberlaw Podcast – Interview with Patrick Gray

By Stewart Baker on May 25, 2016

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest, Patrick Gray, is the host of the excellent Risky Business security podcast. He introduces us to the cybersecurity equivalent of decapitation by paper cut and offers a technologist’s take on multiple policy and legal issues. In the news roundup, Michael explains the many plaintiff-friendly rulings obtained by the banks suing Home Depot over its data breach. We wonder whether the rulings are so plaintiff-friendly that the banks will eventually regret their successes. Michael also explains just how deliberately meaningless is the Supreme Court decision in Spokeo, Inc. v. Robins.…
Continue Reading Steptoe Cyberlaw Podcast – Interview with Patrick Gray

Menu

Cyberblog

Security Regulation

FAR Council Issues Rule on Basic Safeguarding of Covered Contractor Information Systems

Steptoe Cyberlaw Podcast – Interview with Patrick Gray

Steptoe & Johnson LLP

About Steptoe