On October 11, 2024, the Department of Defense (“DoD”) issued its Final Program Rule for the Cybersecurity Maturity Model Certification (“CMMC”) Program. The Final Rule is a signal to federal contractors to develop compliance programs pertaining to CMMC in advance of the implementation of CMMC (likely next year). The CMMC program is designed to ensure […]
NYDFS Issues Guidance on Artificial Intelligence-related Cybersecurity Risks
On October 16, 2024, the New York Department of Financial Services (“NYDFS”) issued an industry letter covering Cybersecurity Risks Arising from Artificial Intelligence and Strategies to Combat Related Risks (the “Industry Letter”). The Industry Letter contains guidance for entities regulated by NYDFS (“Covered Entities”) in assessing and responding to cybersecurity risks related to the use […]
United States Cybersecurity and Infrastructure Security Agency Issues Joint International Guidance for Event Logging and Threat Detection
On August 21, 2024, the United States Cybersecurity and Infrastructure Security agency, alongside government agencies in key global allies, including Australia, the UK, Canada, and Japan, released guidance on event logging and threat detection best practices. The guidance was published in response to the increased prevalence of threat actors employing Living of the Land (LOTL) […]
New York Attorney General Investigates Companies for Website Tags, Publishes Guidelines on Online Tracking Technologies
On July 30, 2024, the New York Attorney General Letitia James announced she had completed an investigation into the tracking technology practices of popular websites, and used this to create website privacy guides on online tracking for New York businesses and consumers. These consist of a “Business Guide” and a “Consumer Guide.” The Business Guide […]
NYDFS Issues Final Circular Letter Guidance on Use of AI in Insurance Underwriting and Pricing
On July 11, 2024, the New York Department of Financial Services (“NYDFS”) released Insurance Circular Letter No. 7, which establishes guidelines on the use of artificial intelligence systems (“AIS”) and external consumer data and information sources (“ECDIS”) in insurance underwriting and pricing (“Final Circular Letter”). The Final Circular Letter comes in the wake of a […]