Townsend Bourne, partner at Sheppard Mullin, joins Off the Shelf for an examination of a series of cyber policies, regulations, and certifications that are in various stages of government review and/or public comment.  Bourne provides her insights on many of the key cyber policies and programs that will impact government and industry, and gives her thoughts on FedRAMP modernization and the draft OMB memo laying the vision for future operations.  She also shares key takeaways for contractors regarding Software Bill of Materials (SBOMs) and the proposed software attestation form. The impending release of DoD’s Cybersecurity Maturity Model Certification (CMMC) and what it means for government and industry is another focus of discussion.  Bourne analyzes two proposed FAR cybersecurity FAR clauses, Cyber Threat and Incident Reporting and Information Sharing and Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems.  Finally, she discusses the challenge and imperative of coordination and rationalization of cybersecurity requirements across for the Federal government.