Cybersecurity Government Contracts and Investigations.
Cybersecurity | Government Contracts & Investigations Blog Latest Updates on Developments Affecting Government Contracts & Investigations
- DoD Issues Proposed Rule for New Disclosures on Foreign Review of Computer Codeby Townsend Bourne and Sidney Howe* on December 13, 2024 at 5:00 pm
On November 15, 2024, the Department of Defense (“DoD”) issued a long-awaited Proposed Rule to implement Section 1655 of the National Defense Authorization Act for Fiscal Year 2019. Section 1655 prohibits DoD from acquiring technology, cybersecurity, industry control, or weapon system products or services unless the contractor provides certain disclosures. Specifically, per newly proposed Defense… Continue Reading
- Update – Penn State to Pay Up for Cyber-Related FCA Caseby Townsend Bourne, Nikole Snyder and Sidney Howe* on October 30, 2024 at 6:39 pm
On October 22, 2024, the Department of Justice (“DOJ”) announced that Pennsylvania State University (“Penn State”) has agreed to pay $1,250,000 to settle a False Claims Act (“FCA”) case brought against the University approximately two years ago. The whistleblower in the case, former chief information officer of the Penn State Applied Research Laboratory, alleged that… Continue Reading
- Countdown to Compliance: DoD Finalizes the CMMC Program Ruleby Townsend Bourne, Lillia Damalouji and Sidney Howe* on October 15, 2024 at 5:43 pm
On October 15, 2024, the Department of Defense (“DoD”) published the final version of its Cybersecurity Maturity Model Certification (“CMMC”) rule in Title 32 of the Code of Federal Regulations (the “Final Rule”). (Reminder, there are two CMMC rulemakings going on in parallel. This Final Rule updates DoD national security regulations while the other rulemaking… Continue Reading
- DOJ Sues Georgia Tech Entities for Cybersecurity Failures in the Latest Civil Cyber Fraud Initiative (CCFI) Activityby Townsend Bourne and Nikole Snyder on August 26, 2024 at 7:49 pm
On August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention (the “Complaint”) against the Georgia Institute of Technology (“Georgia Tech”) and Georgia Tech Research Corp. (“GTRC”). The 99-page DOJ Complaint alleges the defendants knowingly failed to meet contractual cybersecurity requirements in connection with various Department of Defense (“DoD”) contracts. The suit… Continue Reading
- The CMMC Rule To Update the DFARS is Here!by Townsend Bourne and Lillia Damalouji on August 16, 2024 at 3:54 pm
The proposed rule to implement the Cybersecurity Maturity Model Certification (“CMMC”) program in the Defense Federal Acquisition Regulation Supplement (“DFARS”) was published in the Federal Register on August 15, 2024 and will have a 60-day comment period (through October 15, 2024). The proposed rule mirrors the Title 32 Code of Federal Regulations (“CFR”) CMMC proposed… Continue Reading
- Navigating the New Cybersecurity Regulatory Landscape Post-Chevronby Townsend Bourne, Jordan Mallory and Nikole Snyder on July 31, 2024 at 4:49 pm
On June 28, 2024, in a landmark decision, the Supreme Court overruled the four decade old case Chevron v. Natural Resources Defense Council. This pivotal decision should spur businesses to recalibrate their existing relationship with federal agencies. Indeed, we have already seen industry groups begin to use the overruling to influence agency rulemaking, signaling a… Continue Reading
- Summer Heat Ramping Up: FedRAMP Releases Final OMB Memo and Announces Update on Roadmap Progress, Automation Site Launch, and the Agile Delivery Pilot Launchby Townsend Bourne and Daniel Alvarado on July 31, 2024 at 4:44 pm
It’s been a hot summer so far but Federal Risk and Authorization Program (“FedRAMP”) is just starting to heat up. In June, FedRAMP (the Federal government’s program for security authorizations for cloud solutions) released the final Emerging Technology Prioritization Framework, which outlines the prioritization of certain artificial intelligence capabilities. In mid-July, FedRAMP announced its Agile… Continue Reading
- Data, Deals, and Diplomacy: How the Bulk Data Executive Order Will Shape Future Contracts and Security Practicesby Townsend Bourne and Jordan Mallory on June 26, 2024 at 8:54 pm
For companies in the U.S. that hold certain personal data and U.S. Government-related data, rules stemming from recent Executive Order (“EO”) 14117 on “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” may create obstacles and new compliance obligations. Under this EO, the Attorney General is charged… Continue Reading
- Latest Cyber-Related FCA Settlement Underscores the Breadth of DOJ’s Civil Cyber-Fraud Focusby Townsend Bourne and Nikole Snyder on June 26, 2024 at 8:50 pm
On June 17, 2024, the Department of Justice (“DOJ”) announced the latest settlement under its Civil Cyber-Fraud Initiative (“CCFI”) (previously discussed here).[1] The settlement resulted in a total of $11,300,000 in payments from two consulting companies (Guidehouse, Inc., the prime contractor, which paid $7,600,000; and Nan Kay and Associates, the subcontractor, which paid $3,700,000) to… Continue Reading
- Not an April Fools Joke – FAR Part 40 Final Rule Has Been Publishedby Townsend Bourne and Lillia Damalouji on April 29, 2024 at 7:20 pm
On April 1, 2024, the FAR Council published a new Final Rule that establishes FAR Part 40 – but without any new provisions of substance. This Final Rule becomes effective on May 1, 2024. Subsequently, the FAR Council published a Request for Information (“RFI”) on April 10, 2024. The RFI seeks feedback on the scope… Continue Reading