The U.S. Department of Defense (DOD) issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which...more
8/22/2024
/ Certification Requirements ,
Code of Federal Regulations (CFR) ,
Compliance ,
Controlled Unclassified Information (CUI) ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Notice Requirements ,
OMB ,
Pentagon ,
Prime Contractor ,
Proposed Rules ,
Subcontractors
The National Institute of Standards and Technology (NIST) released the third revision of its Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations." This...more
Two years after announcing the second iteration of the U.S. Department of Defense's (DoD) Cybersecurity Maturity Model Certification (CMMC) program, the DoD released its proposed rule that, if adopted, will implement the...more
12/28/2023
/ Certification Requirements ,
Code of Federal Regulations (CFR) ,
Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
NASA ,
NIST ,
Prime Contractor ,
Proposed Rules ,
Subcontractors
The Inspector General (IG) for the U.S. Department of Defense (DOD) issued a report critical of recent efforts by contractors to protect Controlled Unclassified Information (CUI). The report, which followed the DOD IG's...more
12/11/2023
/ Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Government Investigations ,
Information Reports ,
Inspector General ,
Popular ,
Self-Certification
In this episode of “Regulatory Phishing,” Fernando Machado joins Government Contracts and Cybersecurity attorney Eric Crusius for an episode focused on the Cybersecurity Maturity Model Certification (CMMC) program. Mr....more
In this episode of “Regulatory Phishing,” Fernando Machado joins Government Contracts and Cybersecurity attorney Eric Crusius for an episode focused on the Cybersecurity Maturity Model Certification (CMMC) program. Mr....more
In this episode of "Regulatory Phishing," former U.S. Department of Defense Chief Information Security Officer (CISO) Katie Arrington joins Government Contracts and Cybersecurity attorney Eric Crusius to discuss the state of...more
In this episode of "Regulatory Phishing," government contracts and cybersecurity attorney Eric Crusius examines the newly released Cybersecurity Maturity Model Certification (CMMC) program documents. Mr. Crusius breaks down...more
In this episode of "Regulatory Phishing," Eric Crusius is joined by Tom Tollerton, a partner with FORVIS, a Certified Third-Party Assessment Organization (C3PAO). In this episode, Eric and Tom discuss the role of the C3PAO in...more
In this episode of "Regulatory Phishing," Eric Crusius is joined by Tom Tollerton, a partner with FORVIS, a Certified Third-Party Assessment Organization (C3PAO). In this episode, Eric and Tom discuss the role of the C3PAO in...more
Contractors that do business with the U.S. Department of Defense (DoD) and handle Controlled Unclassified Information (CUI) have been awaiting the issuance of a rule implementing the Cybersecurity Maturity Model Certification...more
The U.S. Department of Homeland Security (DHS) has issued comprehensive cybersecurity regulations aimed at protecting Controlled Unclassified Information (CUI). These regulations were long-awaited, as the original proposed...more
6/27/2023
/ Compliance ,
Cybersecurity ,
Data Protection ,
Department of Defense (DOD) ,
Department of Homeland Security (DHS) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
General Solicitation ,
New Regulations ,
Personally Identifiable Information ,
Sensitive Personal Information ,
Subcontractors
2023 promises to be a pivotal year for cybersecurity in government contracts. Besides the implementation of the Cybersecurity Maturity Model Certification (CMMC) program, new regulations are coming for civilian contractors,...more
President Joe Biden signed into law the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (2023 NDAA or Defense Bill) on Dec. 23, 2022. The Defense Bill, which passed the U.S. House of Representatives on...more
12/27/2022
/ Biden Administration ,
Bureau of Industry and Security (BIS) ,
China ,
Compliance ,
Department of Defense (DOD) ,
Due Diligence ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Iran ,
National Security ,
NDAA ,
North Korea ,
Popular ,
Prime Contractor ,
Russia ,
Safe Harbors ,
Semiconductors ,
Supply Chain ,
Technology Sector ,
U.S. Commerce Department ,
Waivers
The U.S. Department of Defense (DoD) recently released a memorandum signaling its increasing willingness to review contractor compliance with cybersecurity standards in its contracts and take action against noncompliant...more
7/14/2022
/ Best Practices ,
Compliance ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
False Claims Act (FCA) ,
Federal Contractors ,
NIST ,
Popular
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0),1 for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...more
12/8/2021
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
False Claims Act (FCA) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Interim Final Rules (IFR) ,
National Security ,
NIST ,
Popular ,
Qui Tam
The Biden Administration on June 8, 20201, released findings from a 100-day interagency domestic supply chain assessment of critical products and outlined a series of steps it will take in order to strengthen U.S. critical...more
6/14/2021
/ American Rescue Plan Act of 2021 ,
Biden Administration ,
Critical Infrastructure Sectors ,
Defense Production Act ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Health and Human Services (HHS) ,
Department of Labor (DOL) ,
Executive Orders ,
International Trade ,
Manufacturers ,
Pharmaceutical Industry ,
Section 232 ,
Supply Chain ,
U.S. Commerce Department
The U.S. Department of Defense (DoD), U.S. General Services Administration (GSA), and National Aeronautics and Space Administration (NASA) issued a final rule, which generally adopts the Trump Administration's July 2019...more
The U.S. Department of Defense (DoD), General Services Administration (GSA) and National Aeronautics and Space Administration (NASA) released a prepublication version of an interim final rule that will bar contractors from...more
The U.S. Department of Defense (DoD) has released additional information relative to implementation of Section 3610 of the recently passed Coronavirus Aid, Relief, and Economic Security (CARES) Act. ...more
Attorneys Eric Crusius, Amy Fuentes, Kelsey Hayes and Vijaya Surampudi co-authored an article describing the major issues they expect government contracting professionals to face in the coming year. For example, the...more
3/2/2020
/ CFIUS ,
Compliance ,
Corporate Counsel ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Huawei ,
LPTA ,
Mentor-Protege Program ,
NDAA ,
OFCCP ,
SBA ,
Supply Chain ,
Whistleblowers
The U.S. Department of Defense (DoD) released version 1.0 of its Cybersecurity Maturity Model Certification (known as CMMC) on Jan. 31, 2020. The CMMC model draws heavily on the National Institute for Standards and...more
A new Federal Acquisition Regulation (FAR), "Reporting of Nonconforming Items to the Government Industry Data Exchange Program," will become effective on December 23, 2019. The new FAR provision (FAR 46.317) and clause (FAR...more
12/12/2019
/ Corporate Counsel ,
Counterfeit Parts ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Notice Requirements ,
Reporting Requirements ,
Subcontractors ,
Suppliers ,
Supply Chain
On November 27, 2019, the Department of Defense (DoD) issued a proposed rule to amend the Defense Federal Regulation Supplement (DFARS) regarding the Treatment of Certain Items as Commercial Items (DFARS Case 2019-D029). The...more
On November 5, 2019, the U.S. Government Accountability Office (GAO) issued its annual Bid Protest Report to Congress for Fiscal Year 2019. The annual report is a requirement of the Competition in Contracting Act and is an...more