National Institute for Standards and Technology (NIST)

Trump Administration Releases Cyber Executive Order Revealing Renewed Strategy for U.S. Cybersecurity

June 15, 2025 By Kim Peretti and Kristen Bartolotta

On June 6, 2025, President Trump issued an Executive Order (EO) on Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity, amending certain prior directives established by the Biden and Obama administrations. Importantly, the administration’s new directive maintains continuity of the cybersecurity goals of prior administrations and demonstrates that cybersecurity remains a bipartisan priority. However, the […]

Department of Justice Intervenes in Cybersecurity Qui Tam Action Against Georgia Tech

August 30, 2024 By Kim Peretti, Andrew Liebler and Andrew Rice

On Thursday, August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention in the case of United States of America ex rel. Christopher Craig and Kyle Koza, v. Georgia Tech Research Corp. and Board of Regents of the University System of Georgia (d/b/a the Georgia Institute of Technology) (United States v. Georgia […]

NYDFS Releases Circular Letter on Use of AI in Insurance Underwriting and Pricing

February 1, 2024 By Kim Peretti, Daniel Felz, Lance Taubin and Colton Jackson

On January 17, 2024, the New York State Department of Financial Services (“NYDFS”) issued a proposed circular letter for comment regarding the “Use of Artificial Intelligence Systems and External Consumer Data and Information Sources in Insurance Underwriting and Pricing” (the “Circular Letter”). The Circular Letter details NYDFS’ expectations and guidelines for the use of artificial […]

NHTSA Updates its Guidance on Cybersecurity Best Practices for the Safety of Modern Vehicles

September 15, 2022 By Kim Peretti and Kristen Bartolotta

On September 7, 2022 the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) released an updated edition of its Cybersecurity Best Practices for the Safety of Modern Vehicles, the last edition of which was published in 2016. This most recent edition of this non-binding guidance leverages agency research, industry voluntary standards, and […]

New Law Requires HHS to Consider Recognized Security Practices as Mitigating Factor When Determining Penalties

January 21, 2021 By Privacy, Cyber & Data Strategy Team

On January 5, 2021, the president signed into law H.R. 7898, an Act that amends the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Secretary of Health and Human Services (HHS) to consider specific recognized security practices of covered entities and business associates when making certain determinations regarding fines, penalties, […]