Latest News

What we’re talking about

DFAR Amendment for Contractor Implementation
Cyber Security

DFAR Amendment for Contractor Implementation

The Department of Defense (DoD) has proposed a Defense Federal Acquisition Regulation Supplement (DFAR) amendment for contractor implementation of Cybersecurity Maturity Model Certification (CMMC).  DFARS case 2019-D041 was first published in September 2020 with an effective date of November 20, 2020 to allow for the development of CMMC 2.0.  CMMC 2.0 establishes a framework for

Read More »
Suit Filed Against Georgia Tech
Cyber Security

Suit Filed Against Georgia Tech by U.S. Government

A suit filed against Georgia Tech by the United States Government alleges that the university’s affiliate, Georgia Tech Research Corporation (GTRC) knowingly failed to meet its cybersecurity requirements for the Department of Defense (DoD).  The suit was initiated by a whistleblower complaint from members of Georgia Tech’s Cybersecurity team.   The lawsuit alleges that the Georgia

Read More »
AUKUS Defense Trade
Export Compliance News

AUKUS Defense Trade Moves Forward

The U.S. Department of State announced on August 15, 2024 that progress had been made in the AUKUS defense trade integration. This has resulted in an interim final rule amendment to the International Traffic in Arms Regulations (ITAR) that will facilitate billions of dollars in secure license-free defense trade between Australia, the United Kingdom, and

Read More »
Academia Research Export Compliance
Export Compliance News

Academia Research Export Compliance Challenges

The Bureau of Industry and Security (BIS) has released guidance on improving academia research export compliance programs. This guidance is based on recent trends in Voluntary Self-Disclosures conducted by academic institutions where Export Administration Regulations (EAR) violations occurred . Voluntary Self-Disclosures A Voluntary Self-Disclosure (VSD) is conducted when an organization recognizes that violations or suspected

Read More »
Integrating Physical Security Requirements
Cyber Security

Integrating Physical Security Requirements for Businesses

Integrating physical security requirements is an area of growing concern for organizations of all sizes.  Aside from insuring basic safety for personnel and physical assets, businesses are faced with security requirements for cybersecurity and export compliance.  This necessitates a non-siloed approach to an often overlooked management function. Basic Physical Security Measures Every organization should ensure

Read More »
New Export Screening List
Export Compliance News

New Export Screening List for Diversion Risks

The Bureau of Industry and Security (BIS) has issued guidance that recommends using a new export screening list as additional due diligence to prevent diversion risks.  This new database, The Trade Integrity Project has been released by the Open Source Center, which is based in the United Kingdom.  This list focuses on entities involved in

Read More »
AUKUS Eases Export Restrictions
Export Compliance News

AUKUS Eases Export Restrictions Under ITAR and EAR

AUKUS eases export restrictions under ITAR and EAR for certain defense related articles and technologies between the United States, Australia, and the United Kingdom.  This strategic initiative has been taken to enhance the defense capabilities of all three nations to respond to national security threats posed by the Peoples Republic of China (PRC) and Russia.

Read More »
NIST Special Publication 800-53
Cyber Security

NIST Special Publication 800-53 Controls

NIST Special Publication 800-53 is a catalog of security and privacy controls released by the National Institute of Standards and Technology for U.S. federal information systems.  It includes key steps in the Risk Management Framework for the selection of appropriate security controls for information systems.  This framework standards and guidelines is a requirement for federal

Read More »
Statute of Limitation for Sanctions
Export Compliance News

Statute of Limitation for Sanctions Extended to Ten Years

President Biden signed H.R. 815 into law on April 24, 2024 to address specific foreign policy and national security issues.  This legislation includes an extension (Section 3111) for the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA) from five to ten years.  This statute of limitations is applicable to

Read More »
Cyber-Intrusion and Data Exfiltration
Cyber Security

Cyber-Intrusion and Data Exfiltration Concerns for BIS

Cyber-intrusion and data exfiltration are subjects of increased concern for the Bureau of Industry and Security (BIS).  In its March 2024 release of Don’t Let This Happen to You!, BIS reiterates its growing role in export enforcement to protect U.S. national security and foreign policy concerns.  It emphasizes the importance of developing effective export compliance programs

Read More »
Global Challenges for Cybersecurity
Cyber Security

Global Challenges for Cybersecurity Resilience

Global challenges for cybersecurity resilience were outlined in a recent report from the World Economic Forum.  The report, Global Cybersecurity Outlook 2024, analyzes the state of inequity in achieving cyber security, the impacts of geopolitics on the cyber risk landscape, the effects of emerging technologies such as Artificial Intelligence (AI), and the shortage of qualified people

Read More »
Nicaragua Export Restrictions
Export Compliance News

Nicaragua Export Restrictions Increased by U.S.

Nicaragua export restrictions have been increased by both the Directorate of Defense Trade Controls (DDTC) and the Bureau of Industry and Security (BIS) as of March of 2024.  These actions were taken in response to United States national security and foreign policy concerns regarding the continuing deterioration of the nation’s human rights, civil institutions, and

Read More »
Understanding MIL STD 810
Product Testing News

Understanding MIL-STD-810 and How to Use It

Understanding MIL-STD-810 is essential for proper developmental evaluation of the environmental effects on equipment.  CVG Strategy has been helping our customers use this valuable standard to create test programs for over a decade.  In this time we have seen a number of commonly held misconceptions about the standard and how to use it.  What is

Read More »
secure software development attestation
Cyber Security

Secure Software Development Attestation Form Released

A secure software development attestation form has been approved by the Federal Government in an attempt to ensure that contracted developers of software assume responsibility for the security risks in the protection of federal information.  The form was released by the Cybersecurity and Infrastructure Security Agency (CISA) Office of Management and Budget (OMB) on April

Read More »
foreign based businesses
Export Compliance News

Foreign Based Businesses and U.S. Export Compliance

Foreign based businesses and persons involved in the reexport of items controlled under the Export Administration Regulations (EAR) and the International Traffic in Arms Regulations (ITAR) are subject to the regulations and associated sanctions.  This also holds true for foreign producers of items that incorporate threshold percentages (de minimis) of controlled items in their products

Read More »
Disruptive Technology Task Force Enforcement Actions
Export Compliance News

Disruptive Technology Strike Force Enforcement Actions

The Disruptive Technology Strike Force was launched February 16, 2023 by the Department of Commerce, the Department of Justice, and the Federal Bureau of Investigation in an effort to prevent the unlawful acquisition of advanced technologies by foreign adversaries.  To date this effort has resulted in numerous cases being filed against parties involved in sanctions

Read More »