On May 3, 2024, the FAR Council published an advanced notice of proposed rulemaking (the “Advanced Notice”) seeking to implement Section 5949 of the James M. Inohfe National Defense Authorization Act for Fiscal Year 2023...more
On April 1, 2024, the FAR Council published a new Final Rule that establishes FAR Part 40 – but without any new provisions of substance. This Final Rule becomes effective on May 1, 2024. Subsequently, the FAR Council...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released its new Proposed Rule pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which was published in the...more
4/9/2024
/ Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Department of Defense (DOD) ,
Federal Contractors ,
Information Technology ,
New Regulations ,
Regulatory Agenda ,
Regulatory Reform ,
Reporting Requirements ,
Rulemaking Process ,
Supply Chain
On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Office of Management and Budget (“OMB”) released the highly-anticipated Secure Software Development Attestation Form (also known as the...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional...more
On October 5, 2023, the FAR Council released an Interim Rule on “Implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders.” The Interim Rule implements requirements from Section 202 of the Federal...more
Yesterday we continued our series... with the Office of Management and Budget’s September 2022 memorandum requiring federal agencies to only use software from software producers that attest compliance with secure software...more
1/24/2023
/ Critical Infrastructure Sectors ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Acquisition Regulations (FAR) ,
Government Agencies ,
NIST ,
OMB ,
Popular ,
Software ,
Supply Chain
Per Executive Order 14028, Improving the Nation’s Cybersecurity, the Office of Management and Budget (OMB) issued a memorandum on September 14, 2022 requiring federal agencies to only use software from software producers that...more
9/29/2022
/ Contract Solicitation ,
Cybersecurity ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Information Technology ,
NIST ,
OMB ,
Software ,
Supply Chain ,
Third-Party
Anyone who has been closely following the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program knows the effort has experienced a fair number of complications and delays...more
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with...more
12/20/2021
/ Biden Administration ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Internet of Things ,
Popular ,
Software Developers ,
Supply Chain
The Department of Defense (DOD) recently announced several changes to its Cybersecurity Maturity Model Certification program. The program applies to those who serve as contractors and suppliers to the DOD. As described in our...more
The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October...more
11/11/2021
/ Biden Administration ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Contractors ,
Government Agencies ,
Information Technology ,
NIST ,
Risk Management ,
Software ,
Supply Chain ,
Technology
As called for in the May 12, 2021 Cybersecurity Executive Order (“EO”) released by the Biden Administration (discussed here), NIST met its deadline to release a definition of “critical software” within 45 days of the date of...more
In February 2021, President Biden issued Executive Order 14017, “Executive Order on America’s Supply Chains” (discussed here), requiring (among other things) a report within 100-days requiring key government agencies to...more
6/30/2021
/ Batteries ,
CFIUS ,
Child Labor ,
China ,
Defense Production Act ,
Department of Defense (DOD) ,
Electric Vehicles ,
Executive Orders ,
Forced Labor ,
Geopolitical Risks ,
Greenhouse Gas Emissions ,
Human Rights ,
Joe Biden ,
Manufacturers ,
NDAA ,
Prescription Drugs ,
Russia ,
Semiconductors ,
Supply Chain
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on April 29, 2021....more
5/27/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Executive Orders ,
Information Technology ,
NIST ,
Popular ,
Software ,
Supply Chain ,
Technology
On May 12, 2021, the Biden Administration issued its much anticipated “Executive Order on Improving the Nation’s Cybersecurity.” Below are provisions we believe will be of most interest to contractors, as well as any company...more
5/19/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Department of Homeland Security (DHS) ,
DFARS ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Information Technology ,
Internet of Things ,
NIST ,
OMB ,
Popular ,
Software ,
Supply Chain ,
Technology
On February 24, 2021, President Biden signed Executive Order 14017, “Executive Order on America’s Supply Chains,” requiring a review of global supply chains that support key U.S. industries in an attempt to improve supply...more
4/1/2021
/ Biden Administration ,
Department of Agriculture ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Department of Transportation (DOT) ,
Executive Orders ,
Federal Contractors ,
National Security ,
Regulatory Reform ,
Supply Chain
On January 1, 2021, Congress overrode President Trump’s veto of the Fiscal Year (“FY”) 2021 National Defense Authorization Act (“NDAA”) (the “Act”), Pub. L. No. 116-283. The $740 billion defense bill establishes funding...more
The Department of Defense (DoD) recently published an interim rule that sets forth its Cybersecurity Maturity Model Certification (CMMC) program plan, as well as new requirements for a “NIST SP 800-171 DoD Assessment...more
On July 14, 2020 the Department of Defense (“DoD”), General Services Administration (“GSA”), and the National Aeronautics and Space Administration (“NASA”) published an Interim Rule amending the Federal Acquisition Regulation...more
7/15/2020
/ China ,
Department of Defense (DOD) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
General Services Administration (GSA) ,
Interim Rule ,
NASA ,
NDAA ,
Supply Chain ,
Technology Sector ,
Telecommunications
We recently wrote about the FAR Council’s release of an interim rule implementing restrictions on procurements involving certain Chinese telecommunications hardware manufacturers and service providers, such as Huawei and ZTE....more
In accordance with Section 889(a)(1)(A) of the 2019 National Defense Authorization Act (Pub. L. No. 115-232) (the “2019 NDAA”), which required imposition of broad restrictions on procurements involving certain Chinese...more
8/14/2019
/ China ,
Department of Defense (DOD) ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Huawei ,
Interim Rule ,
NDAA ,
Reporting Requirements ,
Supply Chain ,
Telecommunications ,
US Trade Policies
On May 15, 2019, President Trump issued an Executive Order (“EO”) targeting activities of certain foreign telecommunications companies based in hostile countries. Entitled “Securing the Information and Communications...more
5/21/2019
/ Bureau of Industry and Security (BIS) ,
China ,
Entity List ,
Executive Orders ,
Export Administration Regulations (EAR) ,
Foreign Adversaries ,
Foreign Policy ,
Huawei ,
International Emergency Economic Powers Act (IEEPA) ,
Licensing Rules ,
National Security ,
Office of Foreign Assets Control (OFAC) ,
Prohibited Transactions ,
Supply Chain ,
Technology Sector ,
Telecommunications ,
Trump Administration ,
U.S. Commerce Department