-
Jan 7, 2025 | 
insideprivacy.com | Ashden Fein |Caleb Skeath |Moriah Daugherty |Micaela McMurrough
On December 24, 2024, New York Governor Kathy Hochul signed into law an amendment to New York General Business Law § 899-aa modifying the state’s data
-
Jan 7, 2025 | 
nationaldefensemagazine.org | Susan B. Cassidy |Ashden Fein |Robert Huffman
On Nov. 15, the Defense Department published a proposed rule titled “Disclosure of Information Regarding Foreign Obligations” that when finalized would impose new disclosure obligations on a defense contractor that previously allowed either a “foreign government” or a “foreign person” to review the company’s computer code.
-
Aug 29, 2024 | 
nationaldefensemagazine.org | Ryan Burnette |Susan B. Cassidy |Ashden Fein
The Office of Management and Budget released a memorandum on July 25 outlining several changes to the Federal Risk and Authorization Management Program. FedRAMP, as it is called, is a government-wide program that imposes security requirements on cloud service offerings that are being used by federal agencies. FedRAMP was originally established by the Office of Management and Budget through a Dec. 8, 2011, memorandum from the Federal Chief Information Officer.
-
Jul 3, 2024 | 
lexology.com | Robert Huffman |Susan B. Cassidy |Ashden Fein |Ryan Burnette
This is part of an ongoing series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through April 2024.
-
Apr 8, 2024 | 
lexblog.com | Robert Huffman |Susan B. Cassidy |Ashden Fein |Ryan Burnette
This is the thirty-fourth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs describes described the actions taken by various government agencies to implement the Cyber EO from June 2021through January 2024.
-
Feb 28, 2024 | 
lexblog.com | Robert Huffman |Susan B. Cassidy |Ashden Fein |Michael Wagner
Ashden Fein advises clients on cybersecurity and national security matters, including crisis management and incident response, risk management and governance, government and internal investigations, and regulatory compliance.
-
Feb 28, 2024 | 
lexblog.com | Robert Huffman |Susan B. Cassidy |Ashden Fein |Michael Wagner
This is the thirty-second in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through November 2023.
-
Feb 1, 2024 | 
lexblog.com | David Fagan |Ashden Fein |Micaela R. h. McMurrough |Ingrid Price
Mr. Fagan’s practice covers representations of both foreign and domestic companies before CFIUS and related national security regulators. The representations encompass matters in which the principal assets are in the United States, as well as those in which there is a smaller U.S. nexus but where solving for the CFIUS issues – including through proactive mitigation and carve-outs – is a critical path for the transaction.
-
Feb 1, 2024 | 
lexology.com | David Fagan |Ashden Fein |Micaela R.h. McMurrough |John Leslie |Jayne Ponder |Shayan Karbassi | +3 more
On January 29, 2024, the Department of Commerce (“Department”) published a proposed rule (“Proposed Rule”) to require providers and foreign resellers of U.S. Infrastructure-as-a-Service (“IaaS”) products to (i) verify the identity of their foreign customers and (ii) notify the Department when a foreign person transacts with that provider or reseller to train a large artificial intelligence (“AI”) model with potential capabilities that could be used in malicious cyber-enabled activity.
-
Dec 19, 2023 | 
lexblog.com | Robert Huffman |Susan B. Cassidy |Ashden Fein |Michael Wagner
On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, covered in a separate blog, is titled “Cyber Threat and Incident Reporting and Information Sharing,” and adds new requirements to the cybersecurity incident reporting obligations of federal contractors.
