Department of Defense Publishes Long-Awaited CMMC Proposed Rule
On December 26, the Department of Defense (DoD) published its long-awaited Cybersecurity Maturity Model Certification (CMMC) Program proposed rule, which places comprehensive cybersecurity and information security requirements on DoD contractors and subcontractors.
Cybersecurity
Cyber Incident Reporting May Be “Material” for Federal Contractors
Last month, the Federal Acquisition Regulatory Council proposed new cybersecurity and incident reporting regulations for federal contractors on behalf of the Department of Defense (DoD), the General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA). The proposed regulations include data incident reporting requirements the government explicitly designated as material to government contractors…
Register Now | Demystifying Controlled Unclassified Information Requirements Webinar

Please join us on November 2 for an engaging webinar, Demystifying Controlled Unclassified Information Requirements: Overview of the Regulatory Landscape and Strategies for Implementing a Successful Compliance Program, alongside Stacy High-Brinkley from BDO. Together, we will illuminate the dynamic landscape of federal Controlled Unclassified Information (CUI) requirements.
NIST Releases Public Draft of Revised Guidelines Aimed at Helping Contractors Protect Sensitive Information
On May 10, the National Institute of Standards and Technology (NIST) released its initial public draft of SP 800-171, Revision 3, a set of updated guidelines aimed at helping organizations better handle controlled unclassified information (CUI) that resides on non-federal systems.
A First! President Hones Government’s Foreign Investment Review
On September 15, President Biden announced the issuance of Executive Order (EO) 14083 to sharpen the focus of inbound investment screening by more formally tying the role of the Committee on Foreign Investment in the United States (CFIUS or the Committee) to the president’s national security prerogatives. For the first time since the Committee was established in 1975, the EO provides formal presidential direction delineating five specific factors for the Committee to consider when reviewing foreign acquisitions of U.S. companies.
Government Contractors Face False Claims Act Liability for Cybersecurity Non-Compliance
Last week, the District Court for the Eastern District of California denied the defendant’s motion for summary judgment of a False Claims Act (FCA) count against Aerojet Rocketdyne (Aerojet) for allegedly fraudulently inducing the government to enter into federal contracts when the company knew it was not compliant with cybersecurity requirements.
The order contains important lessons for government contractors in the emerging area of FCA liability based on noncompliance with cybersecurity obligations. While the litigation is ongoing and may ultimately be resolved in Aerojet’s favor, the order demonstrates the growing importance of cybersecurity compliance.
DOD Scraps CMMC 1.0 for CMMC 2.0
For nearly two years, we have been reporting on this blog about the Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) program. CMMC is a training, certification, and third-party assessment program designed to protect federal contract information (FCI) and controlled unclassified information (CUI) shared by DoD with its contractors and subcontractors through federal acquisition programs.
On November 4, the DOD announced that CMMC 2.0 would replace CMMC 1.0. The announcement was followed by a publication in the Federal Register of a summary of DOD’s CMMC 2.0 plans, which explains that the changes will be implemented through the notice and comment rulemaking process, proposing revisions/additions to titles 32 and 48 of the Code of Federal Regulations.
The decision was driven in large part by the more than 850 public comments submitted to the DoD in response to the CMMC 1.0 interim DFARS rule released on September 29, 2020, focusing on the need to enhance CMMC by doing the following, according to CMMC Frequently Asked Questions:
- Reducing costs, particularly for small businesses.
- Increasing trust in the CMMC assessment ecosystem.
- Clarifying and aligning cybersecurity requirements to other federal requirements and commonly accepted standards.
DOJ Expands False Claims Act Reach into Cybersecurity
There is a new weapon in the Department of Justice’s (DOJ’s) already powerful False Claims Act (FCA) arsenal. In October 2021, the DOJ announced a new Civil Cyber-Fraud Initiative, under which it will pursue FCA liability against government contractors in the cybersecurity space. According to the announcement from Deputy Attorney General Lisa O. Monaco, the…
Compliance Obligations for Government Contractors
I recently outlined the ever-growing list of compliance obligations for businesses that sell goods and services to the federal government in an article for Risk Management. “Some of the new regulatory requirements – such as obligations relating to cybersecurity and counterfeit parts – address challenges posed by an increasingly global, networked economy,” I explained in the article. “Others, such as the mandatory disclosure requirement, continue the trend of the government relying on third parties, whether it be whistleblowers or contractors themselves, to police the procurement system.”
To address the rising risk these complications pose, businesses should first ensure they have established an underlying compliance structure required by federal procurement regulations, as well as design effective training programs, translate the obligations into actionable policies, and effectively monitor adherence to those policies.
[Virtual Event] 8th Annual Compliance & Government Investigations Seminar
Please join us for the Compliance & Government Investigations Seminar hosted by Bass, Berry & Sims and FTI Consulting. Due to ongoing COVID-19 concerns, this event will be virtual only.
We are excited for this year’s complimentary CLE program, which will provide the same caliber of practical advice, insight into government developments, and thoughtful discussion from industry panelists you have come to expect from this seminar. This year’s topics include:
- Inside Scoop: Top Issues In-House Counsel Currently Face
- Update on International Trade Regulations and Enforcement
- SEC Update: Key Enforcement and Regulatory Priorities
- Running an Investigation
- Antitrust Is Back: DOJ and FTC Signal Significant Increase in Antitrust Enforcement
- Data Privacy Update
- Healthcare Fraud Enforcement Updates
- Hot Topics in Procurement Fraud in 2021 and Beyond
- COVID-19 Funding Fallout: Preparation for Government Scrutiny
This year’s seminar will be held from 8:30 a.m.–3:45 p.m. CDT on Tuesday, September 28.