Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
Podcast - The State of Contractor Cybersecurity with Katie Arrington
What Do the Newly Released CMMC 2.1 Documents Mean?
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
Compliance Into The Weeds - Retreat on DoD Cybersecurity for Contractors
Federal Contracting Overseas: Insider Tips for Ensuring Compliance with Host Country Laws
The Inspector General (IG) for the U.S. Department of Defense (DOD) issued a report critical of recent efforts by contractors to protect Controlled Unclassified Information (CUI). The report, which followed the DOD IG's...
Russian President Vladimir Putin issued Decree No. 302, “On Temporary Management Over Certain Assets,” on April 25, authorizing the Russian federal agency for state property management—or any governmental agency the president...
The Department of Justice recently announced the launch of a Civil Cyber-Fraud Initiative, which has direct implications for government contractors and serves as a warning that slack cybersecurity practices will be a target...
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0), for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...
Compliance into the Weeds is the only weekly podcast that takes a deep dive into a Compliance-related topic, literally going into the weeds to more fully explore a subject. In today's episode, Matt and I take a look at the...
The world is awash in data, and the amount of data continues to grow at an astounding rate. According to some estimates, global data storage will amount to more than 200 zettabytes by 2025. When you consider that one...
During the COVID-19 pandemic, governments across the globe have become increasingly involved in the private sector. State-owned enterprises have long been common in Asia, but the pandemic has increased their prominence in...
The Defense Federal Acquisition Regulation Supplement (“DFARS”) 252.204-7008 and 252.204-7012 require defense contractors who possess, store or transmit “covered defense information” to comply with the security requirements...
When the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) get together to issue a joint warning, you may wish to listen up....
Federal district courts around the country continue to grapple with how to analyze “no-poach” agreements — whereby two or more companies agree not to hire or recruit each other’s workers — under the antitrust laws. Beginning...
On January 30, 2020, the U.S. Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”) framework (CMMC overview here; CMMC Version 1.0 and appendices here). By 2026, DoD...
- DoD has released the final version of the CMMC framework.
- DoD anticipates that CMMC requirements will appear in a limited number of solicitations starting in October 2020 and that they will appear in all DoD...
On January 30, the US Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, which will require DoD contractors and subcontractors to obtain third-party...
2019 has been a year of pivotal developments for defense contractors in the realm of cybersecurity compliance. The Department of Defense (DoD) issued six guidance memoranda to assist its acquisition personnel in developing...
The U.S. Department of Defense (DOD) is forging ahead in its plan to adopt a new framework for cybersecurity, with significant ramifications for all defense contractors, including subcontractors. On November 8, 2019, DOD...
In the face of increasing concern over the security of Navy and Marine Corps (Navy) programs, the Navy Marine Corps Acquisition Regulation Supplement (NMCARS) was updated on September 6, 2019 to incorporate significant...
Earlier this year, Assistant Secretary of Defense for Acquisition & Logistics Kevin Fahey announced that the Department of Defense (“DoD”) was working with Carnegie Mellon University and Johns Hopkins Applied Physics...
As we reported last month, the Department of Defense (DoD) has been engaging in an unusual rollout of its new cybersecurity certification program by way of road tours—led by Katie Arrington, the Special Assistant to the...
The defense contractor community is buzzing about a recent announcement by Katie Arrington, the Special Assistant to the Assistant Secretary of Defense for Acquisition for Cybersecurity. The announcement? The costs of...
As predicted, a recent decision from the Federal District Court for the Eastern District of California is the first sign of a new, and potentially enormous, wave of Civil False Claims Act, 31 U.S.C. §§ 3729-33 (“FCA”) actions...
A California federal court recently allowed a relator’s False Claims Act suit against two federal contractors to proceed where the relator’s allegations centered on purported noncompliance with federal cybersecurity...
On May 16, 2017, the United States Court of Appeals for the Fourth Circuit, which governs cases pending in North Carolina, issued an opinion that reveals the parameters within which an employer may fill an employee’s position...
Today marks just over a month since Donald Trump was elected as the next President of the United States. As each cabinet appointment is announced, we get more clues to help us predict which direction the Trump...
On December 30, 2015, the Department of Defense (DoD) issued a second interim rule on Network Penetration Reporting and Contracting for Cloud Services, amending an earlier version issued on August 26, 2015. The new, amended...
The United States Department of Defense promulgated an “interim” rule, effective August 26, 2015, which placed imposing and costly burdens on all DoD contractors and subcontractors (including small businesses and commercial...