In this episode of “Regulatory Phishing,” government contracts and cybersecurity attorney Eric Crusius discusses the latest rule released by the Department of Defense implementing the Cybersecurity Maturity Model Certification (CMMC) program and the implications and timing of the rule. Eric also discusses what changed from the proposed version of the rule and what is next for the CMMC program.

In this episode of "Regulatory Phishing," government contracts and litigation attorney Eric Crusius is joined by Kelsey Hayes to discuss a U.S. Department of Justice (DOJ) lawsuit that was brought under the Civil Cyber-Fraud Initiative. The speakers walk through the meaning of a whistleblower lawsuit, allegations in the DOJ's complaint, the False Claims Act and more.

In this episode of "Regulatory Phishing," government contracts and cybersecurity attorney Eric Crusius delves into the latest developments from the Cybersecurity Maturity Model Certification (CMMC) program, National Institute of Standards and Technology (NIST) and Cybersecurity and Infrastructure Security Agency (CISA). Mr. Crusius looks at the implementation timeline for new and proposed regulations from these entities and considers potential implications of the False Claims Act and presidential election.

In this episode of "Regulatory Phishing," government contracts and cybersecurity attorney Eric Crusius is joined by Stuart Itkin, a senior vice president and the chief marketing officer at NeoSystems. Their conversation covers the overall cybersecurity landscape, especially the Cybersecurity Maturity Model Certification (CMMC) program, and discusses the important role manage service providers (MSPs) play in the ecosystem.

In this episode of “Regulatory Phishing,” Fernando Machado joins government contracts and cybersecurity attorney Eric Crusius for an episode focused on the Cybersecurity Maturity Model Certification (CMMC) program. Mr. Machado is the Managing Principal and Chief Information Security Officer for Cybersec Investments as well as the author of CMMC Simplified. Mr. Crusius and Mr. Machado discuss the current state of the CMMC, how companies can come to terms with this new certification program and strategies for compliance. They also walk through Mr. Machado's book and highlight some key insights into the CMMC program.

In this episode of "Regulatory Phishing," former U.S. Department of Defense Chief Information Security Officer (CISO) Katie Arrington joins Hunton government contracts and cybersecurity attorney Eric Crusius to discuss the state of cybersecurity within the defense industrial base, including the rollout of the Cybersecurity Maturity Model Certification (CMMC). The discussion is wide-ranging and offers invaluable insights into what is to come in the months and years ahead.

In this episode of "Regulatory Phishing," Hunton government contracts and cybersecurity attorney Eric Crusius and Jeremy Burkhart discuss the interim rule issued by the Federal Acquisition Regulation (FAR) Council implementing the statutory ban on the use of ByteDance's TikTok app on federal information technology systems and contracts. They explore the ambiguities in the rule's language and different approaches contractors may take to ensure compliance.

In this episode of “Regulatory Phishing," Eric Crusius and David Cole discuss the role of cybersecurity compliance in corporate transactions, how lack of compliance can impact the ability of a transaction to close and what parties look at during the due diligence process. Mr. Crusius and Mr. Cole also reminisce about Mr. Cole’s time lugging dozens of boxes through an airport in Costa Rica.

In this episode of "Regulatory Phishing," Hunton government contracts and cybersecurity attorney Eric Crusius examines the newly released Cybersecurity Maturity Model Certification (CMMC) program documents. Mr. Crusius breaks down assessment guides and the scoping guidance for CMMC Levels 1, 2 and 3. He also explains the significant impacts these documents can have on the CMMC ecosystem.

In this episode of Hunton's "Regulatory Phishing," Eric Crusius is joined by Tom Tollerton, a partner with FORVIS, a Certified Third-Party Assessment Organization (C3PAO). In this episode, Eric and Tom discuss the role of the C3PAO in the Cybersecurity Maturity Model Certification (CMMC) process and what to expect with the new version of Special Publication 800-171 from the National Institute of Standards and Technology (NIST). NIST 800-171 is used as the baseline for a number of existing and forthcoming regulations in addition to Level 2 of CMMC.