Regulatory Phishing by Hunton Andrews Kurth LLP

Regulatory Phishing is a podcast series brought to you by Hunton Andrews Kurth LLP and hosted by government contracts and cybersecurity attorney Eric Crusius. This series will analyze the latest cybersecurity news for the government contracting industry. From reviewing the Department of Defense and how national security shapes cybersecurity requirements to insights from industry leaders on the ever-changing landscape of cybersecurity, this podcast will help government contracting professionals hack into the latest cybersecurity developments around the world.

Finding the Right MSP to Manage Your CUI 10/03/2025

Finding the Right MSP to Manage Your CUI In this episode of Regulatory Phishing, is joined by Ed Bassett, who is the Chief Cybersecurity Evangelist at NeoSystems and a member of the board of the MSP Collective. Managed Service Providers play a vital role in the protection of CUI assets and choosing the right MSP can be a daunting task. Ed and Eric discuss what companies should look for when choosing an MSP and how an MSP can impact a company’s efforts undergo a successful CMMC assessment. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38459130

The Role of Cloud Service Providers in the CMMC Ecosystem 10/03/2025

The Role of Cloud Service Providers in the CMMC Ecosystem Michael Greenman from Deltek joins to discuss how cloud service providers (CSPs) have emerged as key players in the cybersecurity compliance landscape. From supporting DFARS 7012, CMMC and ITAR compliance, today’s government contracting regulatory frameworks increasingly rely on CSPs to demonstrate FedRAMP Moderate Authorization or Equivalency to reduce risk. This episode explores how CSPs support an organization’s compliance journey, with a focus on the shared responsibility model, evidence generation, and the rising demand for independently assessed, secure environments. We also unpack what "FedRAMP Authorized" vs. "FedRAMP Equivalency" really means for contractors working with the Department of Defense, and how CSP partnerships can impact a contractor’s ability to win government work under emerging regulations like CMMC. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38459100

A Closer Look at the CMMC Rollout 10/01/2025

A Closer Look at the CMMC Rollout The regulations released by the Department of Defense/War roll out the CMMC program over a number of years. In this episode of Regulatory Phishing, we will look at the timing and what it means for the Defense Industrial Base. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38424770

The DFARS CMMC Final Rule is Here! 09/19/2025

The DFARS CMMC Final Rule is Here! In this episode of “Regulatory Phishing,” government contracts and cybersecurity attorney discusses the latest rule released by the Department of Defense implementing the Cybersecurity Maturity Model Certification (CMMC) program and the implications and timing of the rule. Eric also discusses what changed from the proposed version of the rule and what is next for the CMMC program. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38284295

Discussing a DOJ Lawsuit Under the Civil-Fraud Initiative 10/17/2024

Discussing a DOJ Lawsuit Under the Civil-Fraud Initiative In this episode of "Regulatory Phishing," government contracts and litigation attorney is joined by Kelsey Hayes to discuss a U.S. Department of Justice (DOJ) lawsuit that was brought under the Civil Cyber-Fraud Initiative. The speakers walk through the meaning of a whistleblower lawsuit, allegations in the DOJ's complaint, the False Claims Act and more. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144720

Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors 09/11/2024

Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors In this episode of "Regulatory Phishing," government contracts and cybersecurity attorney delves into the latest developments from the Cybersecurity Maturity Model Certification (CMMC) program, National Institute of Standards and Technology (NIST) and Cybersecurity and Infrastructure Security Agency (CISA). Mr. Crusius looks at the implementation timeline for new and proposed regulations from these entities and considers potential implications of the False Claims Act and presidential election. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144690

The Role of Managed Service Providers with Stuart Itkin 11/21/2023

The Role of Managed Service Providers with Stuart Itkin In this episode of "Regulatory Phishing," government contracts and cybersecurity attorney is joined by Stuart Itkin, a senior vice president and the chief marketing officer at NeoSystems. Their conversation covers the overall cybersecurity landscape, especially the Cybersecurity Maturity Model Certification (CMMC) program, and discusses the important role manage service providers (MSPs) play in the ecosystem. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144615

The When, Where, Why and How of CMMC with Fernando Machado 11/07/2023

The When, Where, Why and How of CMMC with Fernando Machado In this episode of “Regulatory Phishing,” Fernando Machado joins government contracts and cybersecurity attorney for an episode focused on the Cybersecurity Maturity Model Certification (CMMC) program. Mr. Machado is the Managing Principal and Chief Information Security Officer for Cybersec Investments as well as the author of CMMC Simplified. Mr. Crusius and Mr. Machado discuss the current state of the CMMC, how companies can come to terms with this new certification program and strategies for compliance. They also walk through Mr. Machado's book and highlight some key insights into the CMMC program. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144575

The State of Contractor Cybersecurity with Katie Arrington 10/24/2023

The State of Contractor Cybersecurity with Katie Arrington In this episode of "Regulatory Phishing," former U.S. Department of Defense Chief Information Security Officer (CISO) Katie Arrington joins Hunton government contracts and cybersecurity attorney to discuss the state of cybersecurity within the defense industrial base, including the rollout of the Cybersecurity Maturity Model Certification (CMMC). The discussion is wide-ranging and offers invaluable insights into what is to come in the months and years ahead. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144540

Navigating the TikTok Ban: Implications for Government Contractors 10/23/2023

Navigating the TikTok Ban: Implications for Government Contractors In this episode of "Regulatory Phishing," Hunton government contracts and cybersecurity attorney and Jeremy Burkhart discuss the interim rule issued by the Federal Acquisition Regulation (FAR) Council implementing the statutory ban on the use of ByteDance's TikTok app on federal information technology systems and contracts. They explore the ambiguities in the rule's language and different approaches contractors may take to ensure compliance. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144500

The Impact of Cybersecurity Compliance on Corporate Transactions 10/22/2023

The Impact of Cybersecurity Compliance on Corporate Transactions In this episode of “Regulatory Phishing," and David Cole discuss the role of cybersecurity compliance in corporate transactions, how lack of compliance can impact the ability of a transaction to close and what parties look at during the due diligence process. Mr. Crusius and Mr. Cole also reminisce about Mr. Cole’s time lugging dozens of boxes through an airport in Costa Rica. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144475

What Do the Newly Released CMMC 2.1 Documents Mean? 10/21/2023

What Do the Newly Released CMMC 2.1 Documents Mean? In this episode of "Regulatory Phishing," Hunton government contracts and cybersecurity attorney examines the newly released Cybersecurity Maturity Model Certification (CMMC) program documents. Mr. Crusius breaks down assessment guides and the scoping guidance for CMMC Levels 1, 2 and 3. He also explains the significant impacts these documents can have on the CMMC ecosystem. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144455

Third-Party Assessments and NIST SP 800-171 10/20/2023

Third-Party Assessments and NIST SP 800-171 In this episode of Hunton's "Regulatory Phishing," is joined by Tom Tollerton, a partner with FORVIS, a Certified Third-Party Assessment Organization (C3PAO). In this episode, Eric and Tom discuss the role of the C3PAO in the Cybersecurity Maturity Model Certification (CMMC) process and what to expect with the new version of Special Publication 800-171 from the National Institute of Standards and Technology (NIST). NIST 800-171 is used as the baseline for a number of existing and forthcoming regulations in addition to Level 2 of CMMC. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38144415

Overview of Cybersecurity in Government Contracts 10/19/2023

Overview of Cybersecurity in Government Contracts The first episode of Hunton government contracts attorney podcast, "Regulatory Phishing," provides an overview of the latest cybersecurity issues facing government contractors and how significant cybersecurity attacks that have leaked government information to countries such as China, Russia and North Korea threaten national security. He details U.S. government regulations with which contractors must comply, as well as provides key information that government contractors should know, such as the Biden Administration's national security strategy. He also discusses his involvement in the National Contract Management Association's World Congress held July 23-26 2023 in Nashville and the increased interest in cybersecurity matters. /episode/index/show/71224f2a-671b-4a24-b6ff-4398859b5623/id/38005100

Regulatory Phishing by Hunton Andrews Kurth LLP

TOPICS