Dan Pepper (US)

Subscribe to all posts by Dan Pepper (US)

NIST Proposes Revised Security Guidelines For Federal Contractors

Photo of Dan Pepper (US)By Dan Pepper (US) on Posted in General
In response to the constantly evolving landscape of cybersecurity threats, the National Institute of Standards and Technology (NIST) has recently updated their guidelines for Special Publication NIST 800-171, making its guidance more prescriptive, and potentially making it harder for contractors to comply. NIST 800-171 is a set of guidelines created to help federal agencies and … Continue reading

NYDFS proposes significant cybersecurity regulation amendments

Photo of Dan Pepper (US)Photo of Susan Ross (US)By Dan Pepper (US) and Susan Ross (US) on Posted in Cybersecurity
On November 9, 2022, the New York Department of Financial Services (NYDFS) officially proposed changes to its cybersecurity regulation and opened a 60-day public comment period.  NYDFS had issued a “pre-proposed” version of the changes in July of this year, which we had summarized here.  NYDFS retained many of those earlier proposed changes, and made … Continue reading

CISA Releases New Infrastructure Cybersecurity Goals for Critical Infrastructure

Photo of Dan Pepper (US)By Dan Pepper (US) on Posted in Cybersecurity
On October 27, 2022, the Cybersecurity & Infrastructure Security Agency (“CISA”), in partnership with the National Institute of Standards and Technology (“NIST”) and the interagency community, published the first iteration of its cross-sector Cybersecurity Performance Goals (“CPGs”). Drafted in response to President Joe Biden’s July 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure … Continue reading

NYDFS proposes significant cybersecurity regulation amendments

Photo of Dan Pepper (US)Photo of Susan Ross (US)Photo of Patrick Burke (US)By Dan Pepper (US), Susan Ross (US) and Patrick Burke (US) on Posted in Cybersecurity
On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500.  Because this version is the “preposed” copy of the changes, there is … Continue reading
LexBlog