Data Dive

In recent weeks, the Consumer Financial Protection Bureau (CFPB), the U.S. government agency that is charged with implementing and enforcing federal consumer financial law, has taken an increasingly active approach on a range of topics relating to credit reporting and background checks. In the last eight weeks, the agency has taken action aimed at protecting on five separate occasions.

On Tuesday, the Department of Justice (DOJ) released its Comprehensive Cyber Review report (the “Review”) summarizing its review of the Department’s cyber-related activities and its recommendations around the Department’s “offensive” (i.e., cyber threat investigations and enforcement) and “defensive” (i.e., Department system protections) cyber capabilities. One element of the Review addressed federal contractor and vendor cybersecurity, and noted that “many of the cybersecurity provisions and standards set forth for federal contractors were found to be insufficiently rigorous,” and that the Department has offered to assist the Federal Acquisition Regulatory Council in updating cybersecurity contract terms, which is an effort that is underway pursuant to E.O. 14028.

Last month, the Office of Management and Budget (OMB) and the Cyber and Infrastructure Security Agency (CISA) released draft guidance to implement a Zero Trust cybersecurity policy government-wide. OMB and CISA are seeking public comment on the strategical and technical guidance published in direct support of President Biden’s Executive Order on Improving the Nation’s Cybersecurity (“EO 14208”).

President Biden issued Executive Order (EO) 14,028 on May 12, 2021 on “Improving the Nation’s Cybersecurity.” As noted in the administration’s accompanying Fact Sheet, the EO is a direct response to recent high-profile cybersecurity incidents. However, it should also be viewed in context as a response to years of increasing concern about, and efforts to enhance, cyber and supply chain security within the federal government, its contracting base and the U.S. information and communications technology and services (ICTS) industry more broadly.