Amy Mushahwar

About Amy Mushahwar

Amy Mushahwar is a partner with Alston & Bird’s Privacy, Cyber & Data Strategy Team. Amy has over 20 years of experience in the technology space and focuses her practice on data security, cyber risk, privacy, and emerging technologies. She advises clients on proactive data security practices, data breach incident response, and regulatory compliance.

[Read Bio]

NHTSA Updates its Guidance on Cybersecurity Best Practices for the Safety of Modern Vehicles

September 15, 2022 By Kim Peretti, Amy Mushahwar and Kristen Bartolotta

On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of which was published in 2016. This most recent edition of this non-binding guidance leverages agency research, industry voluntary standards, and […]

White House Releases Recommendations to Protect Against Potential Cyberattacks

March 22, 2022 By Amy Mushahwar and Kristen Bartolotta

The potential for malicious cyber activity has been a concern for the Biden administration throughout the evolving crisis in Ukraine (including the imposition of sanctions against Russia). In response to the concern, the Biden administration, which is now facing “evolving intelligence that Russia may be exploring options for potential cyberattacks,” has released recommendations for companies […]

Department of Defense Suspends the CMMC Pilot Program And CMMC Requirements In DoD Solicitations Pending Major Changes For CMMC 2.0.

November 5, 2021 By Amy Mushahwar and Jon Knight

The Department of Defense (“DoD”) recently announced it will be revamping the nascent Cybersecurity Maturity Model Certification (“CMMC”) program pending two separate rulemaking processes. As detailed below, the DoD will be updating “the program structure and the requirements to streamline and improve implementation of the CMMC program.” We will be monitoring the rulemaking process for […]

NYDFS Issues Guidance on Cybersecurity Controls to Combat Ransomware and Clarifies Reporting Obligations

July 3, 2021 By Lance Taubin, Kate Hanniford, Kim Peretti and Amy Mushahwar

The New York Department of Financial Services (NYDFS) issued new guidance this week intended to assist organizations in thwarting ransomware attacks. The guidance clarifies the NYDFS’ expectation that NYDFS-regulated companies should “implement these controls whenever possible” and report any successful deployment of ransomware or unauthorized access to privilege accounts to the NYDFS under its established […]

Russia Sanctioned For Role In SolarWinds Supply Chain Attack

April 20, 2021 By Amy Mushahwar and Jon Knight

On April 15, 2021, the Biden Administration took a significant step in announcing sanctions against the Russian Government and private Russian entities for multiple internationally-destabilizing activities, including the Russian Foreign Intelligence Service’s (SVR) supply chain attack of the SolarWinds Orion platform and other technology infrastructures. In addition to the sanctions, the Administration also provided practical […]