Please join us on November 2 for an engaging webinar, Demystifying Controlled Unclassified Information Requirements: Overview of the Regulatory Landscape and Strategies for Implementing a Successful Compliance Program, alongside Stacy High-Brinkley from BDO. Together, we will illuminate the dynamic landscape of federal Controlled Unclassified Information (CUI) requirements.Continue Reading Register Now | Demystifying Controlled Unclassified Information Requirements Webinar
On May 10, the National Institute of Standards and Technology (NIST) released its initial public draft of SP 800-171, Revision 3, a set of updated guidelines aimed at helping organizations better handle confidential unclassified information (CUI) that resides on non-federal systems. Continue Reading NIST Releases Public Draft of Revised Guidelines Aimed at Helping Contractors Protect Sensitive Information
On September 15, President Biden announced the issuance of Executive Order (EO) 14083 to sharpen the focus of inbound investment screening by more formally tying the role of the Committee on Foreign Investment in the United States (CFIUS or the Committee) to the president’s national security prerogatives. For the first time since the Committee was established in 1975, the EO provides formal presidential direction delineating five specific factors for the Committee to consider when reviewing foreign acquisitions of U.S. companies.
Continue Reading A First! President Hones Government’s Foreign Investment Review
Last week, the District Court for the Eastern District of California denied the defendant’s motion for summary judgment of a False Claims Act (FCA) count against Aerojet Rocketdyne (Aerojet) for allegedly fraudulently inducing the government to enter into federal contracts when the company knew it was not compliant with cybersecurity requirements.
The order contains important lessons for government contractors in the emerging area of FCA liability based on noncompliance with cybersecurity obligations. While the litigation is ongoing and may ultimately be resolved in Aerojet’s favor, the order demonstrates the growing importance of cybersecurity compliance.Continue Reading Government Contractors Face False Claims Act Liability for Cybersecurity Non-Compliance
For nearly two years, we have been reporting on this blog about the Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) program. CMMC is a training, certification, and third-party assessment program designed to protect federal contract information (FCI) and controlled unclassified information (CUI) shared by DoD with its contractors and subcontractors through federal acquisition programs.
On November 4, the DOD announced that CMMC 2.0 would replace CMMC 1.0. The announcement was followed by a publication in the Federal Register of a summary of DOD’s CMMC 2.0 plans, which explains that the changes will be implemented through the notice and comment rulemaking process, proposing revisions/additions to titles 32 and 48 of the Code of Federal Regulations.
The decision was driven in large part by the more than 850 public comments submitted to the DoD in response to the CMMC 1.0 interim DFARS rule released on September 29, 2020, focusing on the need to enhance CMMC by doing the following, according to CMMC Frequently Asked Questions:
There is a new weapon in the Department of Justice’s (DOJ’s) already powerful False Claims Act (FCA) arsenal. In October 2021, the DOJ announced a new Civil Cyber-Fraud Initiative, under which it will pursue FCA liability against government contractors in the cybersecurity space. According to the announcement from Deputy Attorney General Lisa O. Monaco, the
I recently outlined the ever-growing list of compliance obligations for businesses that sell goods and services to the federal government in an article for Risk Management. “Some of the new regulatory requirements – such as obligations relating to cybersecurity and counterfeit parts – address challenges posed by an increasingly global, networked economy,” I explained in the article. “Others, such as the mandatory disclosure requirement, continue the trend of the government relying on third parties, whether it be whistleblowers or contractors themselves, to police the procurement system.”
To address the rising risk these complications pose, businesses should first ensure they have established an underlying compliance structure required by federal procurement regulations, as well as design effective training programs, translate the obligations into actionable policies, and effectively monitor adherence with those policies.Continue Reading Compliance Obligations for Government Contractors
Please join us for the Compliance & Government Investigations Seminar hosted by Bass, Berry & Sims and FTI Consulting. Due to ongoing COVID-19 concerns, this event will be virtual only.
We are excited for this year’s complimentary CLE program, which will provide the same caliber of practical advice, insight into government developments, and thoughtful discussion from industry panelists you have come to expect from this seminar. This year’s topics include:
This year’s seminar will be held from 8:30 a.m.–3:45 p.m. CDT on Tuesday, September 28. To register, please click here.
Click here to view the agenda.Continue Reading [Virtual Event] 8th Annual Compliance & Government Investigations Seminar
We are looking forward to presenting a training webinar titled, “The Federal Government’s Continuing IT Upgrade – Changes in Cloud Computing & Cybersecurity” for the Maryland Procurement Technical Assistance Center (Maryland PTAC). The US government, the largest purchaser of goods and services in the world, is in the midst of an IT revolution. Much of
Last month, the U.S. Court of Appeals for the Federal Circuit’s (Federal Circuit) opinion in The Boeing Co. v. Secretary of the Air Force shed additional light on the technical data rights of contractors under defense contracts. The decision hinges on the fact that technical data provided by a contractor to the government remains the property of the contractor. Additionally, contractors retain certain rights in connection with technical data even when the government has so-called “unlimited rights” to use it.
In this case, Boeing held two contracts with the U.S. Air Force (USAF) for work on the F-15 Eagle Passive/Active Warning Survivability System. The contracts included the requirement for delivery of technical data to the USAF with Unlimited Rights and the DFARS 252.227-7013, non-commercial technical data rights clause (Subsection 7013). The parties did not dispute that Boeing retained ownership of technical data delivered to the USAF under the contracts, but Boeing contended that its legends on the technical data were intended to protect its rights as they pertained to third parties. Namely, putting third parties on notice of the proprietary nature of the data and directing that “Non-US Government Entities May Use and Disclose Only As Permitted In Writing By Boeing Or By The US Government.” The USAF rejected the data deliverables marked in this manner, finding them nonconforming and Boeing requested a final Contracting Officer’s decision on the matter.
The Contracting Officer’s final decision confirmed that the USAF was correct in rejecting the legends and directed Boeing to correct them. Boeing appealed the decision to the Armed Services Board of Contract Appeals (ASBCA) on the ground that Boeing’s legend was “not nonconforming” under Subsection 7013(f) since its legend did not address restrictions on government rights, only third-party rights. The ASBCA, ruling on the motion for summary judgment, disagreed, siding with the USAF’s position that only the legends listed in Subsection 7013(f) are authorized and Boeing’s legend was not one of those. Boeing appealed this decision to the Federal Circuit.Continue Reading Federal Circuit Confirms DoD Contractor’s Expanded Restrictions on Non-Government Parties Rights in Data