In June 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued draft updated guidance for public comment on the Minimum Elements for a Software Bill of Materials (SBOM), which the National Telecommunications and Information Administration (NTIA) first published in 2021 for federal agencies in response to Executive Order 14028 on Improving the Nation’s Cybersecurity.
Continue Reading Software Bill of Materials Guidance for Government Contractors
Cybersecurity month starts with a critical compliance date for the Department of Justice (DOJ)’s Data Security Program (DSP). Starting on Oct. 6, any U.S. person or company handling Americans’ bulk sensitive or personal data or U.S. government-related data must implement a written data compliance program that lays out specified due diligence, audit, reporting, and recordkeeping processes for covered data transactions.
Continue Reading Incoming Deadlines and Requirements for DOJ’s Data Security Program on Oct. 6, 2025
NIS 2 (Directive (EU) 2022/2555), the European Union’s updated framework for cybersecurity, is designed to enhance cybersecurity across the EU by establishing a high common level of security for network and information systems.
Continue Reading EU NIS 2 Directive: Expanded Cybersecurity Obligations for Key Sectors
On July 31, 2025, the Fraud Section of the U.S. Department of Justice’s Commercial Litigation Branch (Fraud Section) announced new settlement agreements with government contractors to resolve their respective False Claims Act (FCA) liabilities arising out of cyber fraud allegations.
Continue Reading DOJ Settles Cybersecurity FCA Claims With PE Firm and Government Contractors
The California Privacy Protection Agency (CPPA) Board met on July 24, 2025, and advanced several key initiatives with direct implications for businesses operating in California.
The meeting focused on finalizing regulations pertaining to automated decision-making, risk assessments, and cybersecurity audits; advancing the California Delete Act’s Delete Request and Opt-Out Platform (DROP) rulemaking applicable to data
Greenberg Traurig’s Data Privacy & Cybersecurity Practice is recognized in The Legal 500 United States 2025 edition for Media, technology and telecoms> Cyber law (including data privacy and data protection). The group is praised as “a large, highly qualified, geographically-dispersed team” that supports clients across industries including e-commerce, financial services, health care, retail, and
DOJ’s new Data Security Program (DSP), effective April 8, 2025, imposes significant restrictions on U.S. government contractors and global companies that handle sensitive U.S. personal or government-related data. The DSP is currently subject to a 90-day initial enforcement period, After July 8, 2025, NSD will implement full enforcement of the DSP.
Continue Reading DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
Despite the potentially sweeping impact of the proposed FAR CUI Rule (Proposed Rule), less than 30 comments have been filed to date during the comment period, which ends March 17, 2025.
Continue Reading Proposed FAR CUI Rulemaking Nears Comment Deadline
In the latest episode of Axio’s Executive Insight Series, CEO Scott Kannry sat down with Jena Valdetero, Co-Chair of Greenberg Traurig’s U.S. Data, Privacy and Cybersecurity Group.
Continue Reading Executive Perspectives, Episode 4, Jena Valdetero