The Department of Justice (DOJ) recently reached a $4.6 million civil False Claims Act (FCA) settlement with MORSECORP, Inc. (MORSE) arising out of allegations that the company failed to comply with Department of Defense...more
Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration has...more
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
On October 15, 2024, the Department of Defense (DoD) published the final rule for the Cybersecurity Maturity Model Certification (CMMC) Program that not only finalizes the long-anticipated CMMC Rule but also foreshadows what...more
Merger and acquisition (M&A) activity is often the lifeblood of corporate growth. While whole treatises can be, and have been, written on cybersecurity and legal challenges during M&A activity, the following are a few key...more
The Department of Justice (DOJ) secured another win for its Civil Cyber-Fraud Initiative last week when it resolved a False Claims Act (FCA) action[1] alleging Pennsylvania State University (Penn State) failed to comply with...more
To dramatically scale up the Modernizing the Federal Risk and Authorization Management Program (FedRAMP) marketplace, the Office of Management and Budget (OMB) has completely rewritten FedRAMP’s vision, scope and governance...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
On December 21, 2023, the Department of Defense (DoD) issued a memorandum (Memo) providing guidance and clarification on the security and cyber incident management requirements applicable for the use of external Cloud Service...more
As many Department of Defense (“DoD”) contractors know, if they want to store, process, or transmit covered defense information (“CDI”) with a cloud service provider (“CSP”), then the CSP must meet the security requirements...more
Inflation relief for defense contractors, a ban on procurement of products and services containing certain Chinese semiconductors, and codification of the Federal Risk and Authorization Management Program (FedRAMP) governing...more
On March 15, 2021, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which will require critical infrastructure owners and operators (among other things) to report...more
BUSINESS & TRANSACTIONS - Purchase Agreement Components, Part 2: Indemnification Provisions - In an acquisition, particularly an equity acquisition, a buyer must perform extensive due diligence on the target company to...more
As experienced protest counsel, we know (i) that you can pick lint off of any procurement; and (ii) because of that fact, a protester alleging error in the procurement process needs to show that the error was “prejudicial.”...more
While all companies should be concerned with their cybersecurity posture, companies in the aerospace, defense, and government services (ADG) industry are potentially subject to greater risks due to the industry's highly...more
Cloud computing is ubiquitous in the federal market place. Many federal contractors either provide cloud computing services to the government or use cloud computing services when performing a federal contract. For cloud...more