Emerging Supply Chain and Cybersecurity Requirements for U.S. Government Contractors Webinar Series
Wednesday, April 17, 2024, 1:00 PM - 2:00 PM EST
Please join Covington cybersecurity, government contracts, technology, securities, and False Claims Act attorneys for a CLE webinar series focused on emerging U.S. government supply chain and cybersecurity requirements. The series will feature three sessions, spanning new cybersecurity assessment requirements from the U.S. Department of Defense (DoD), government-wide software supply chain security requirements, and cyber incident reporting obligations for federal contractors.
Log-in details will be provided upon registration.
This event is closed to the press.
Session I: Cybersecurity Maturity Model Certification
Thursday, February 8 | 12 - 1 p.m. ET
Speakers: Susan Cassidy, Ashden Fein, Bob Huffman, Ryan Burnette
In this session, we will cover the existing information security requirements imposed on DoD contractors, including under DFARS 252.204-7012 and DFARS 252.204-7020; the current status of DoD’s Cybersecurity Maturity Model Certification (CMMC) program and the security requirements assessed under the model; how CMMC assessments will be scoped and implemented; the new certifications that will be required from contractors; the role of the accreditation body and appeals of assessment results; limitations imposed on Plans of Action and Milestones; applicability of CMMC requirements to subcontractors, Cloud Service Providers, and External Service Providers; and the treatment of costs of compliance and assessments under cost allowability principles. We covered the key elements and implications of DoD's proposed rule implementing CMMC in our recent client alert.
Session II: Software Supply Chain Security
Wednesday, February 28 | 1 - 2 p.m. ET
Speakers: Micaela McMurrough, Teena Sankoorikal, Bob Huffman, Ryan Burnette
This session will focus on various measures undertaken by federal agencies since the May 2021 Cyber Executive Order (EO) to ensure the security of software and the supply chains for developing and providing it. These measures are the subject of a September 2022 Office of Management and Budget (OMB) Memorandum implementing the EO and include: the National Institute of Standards and Technology (NIST) Secure Software Development Framework; secure software development self-attestations by software "providers" (and the proposed common self-attestation form for such providers); software bills of materials (SBOMs); IoT and other software labelling; and the emerging "secure by design" policy for shifting liability for software vulnerabilities and defects from buyers/users to developers/sellers.
Session III: Cyber Incident Disclosure Obligations
Wednesday, April 17 | 1 - 2 p.m. ET
Speakers: Kerry Burke, Ashden Fein, Micaela McMurrough, Mark Young, Ryan Burnette
This session will address the multitude of notification and disclosure obligations that global companies face when they are victims of cyber incidents. Global regulators' increasing focus on timely disclosure of these incidents to relevant stakeholders imposes new, and sometimes conflicting, obligations on U.S. contractors, especially for those operating across industries or on a global scale. This session will address new and developing cyber incident notification and disclosure obligations and how companies can meet the evolving requirements, including those imposed by the U.S. Securities and Exchange Commission, a proposed Federal Acquisition Regulation rule, and critical infrastructure regulators.