Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Maida Oringher LernerPhoto of Michael G. Gruden, CIPP/GPhoto of Christopher Hebdon

The National Institute of Standards and Technology (NIST) recently released the final version of NIST Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information. Designed to supplement the requirements in NIST SP 800-171—the applicable standard under DFARS 252.204-7012—800-172 provides 35 enhanced security requirements to protect controlled unclassified information (CUI) associated with

Photo of Peter J. EyrePhoto of Rina Gashaw

This week’s episode covers a False Claims Act update from DOJ, DOD COVID-19 vaccination plan of interest to contractors, final rule on LPTA, a Commerce final rule on information and communications technology or services, and range of executive orders issued by President Biden, and is hosted by partner Peter Eyre and associate Rina Gashaw. Crowell

Photo of Thomas P. GiesPhoto of Rina Gashaw

On January 7, 2021, Ms. Ellen M. Lord, on behalf of the Department of Defense (DoD) Office of the Undersecretary of Defense, issued a memorandum for the Defense Industrial Base (DIB) regarding the DoD COVID-19 Vaccine Allocation and Distribution Policy. This memo, along with the attached DoD guidance documents, the “Coronavirus Disease 2019 Vaccine Guidance”

Photo of Adelicia R. CliffePhoto of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Michael G. Gruden, CIPP/GPhoto of Christopher Hebdon

The Department of Defense (DoD) recently implemented additional procedures for the mitigation of cybersecurity risks in its supply chain. Designed to identify and mitigate cybersecurity and related supply chain risks throughout a program’s lifecycle, DoD Instruction 5000.90, Cybersecurity Acquisition Decision Authorities and Program Managers, requires program managers to:

  • Assess contractors’ cybersecurity posture, including, where

Photo of Trina Fairley BarlowPhoto of Peter J. EyrePhoto of Kris D. MeadePhoto of Rebecca SpringerPhoto of Monica DiFonzo Sterling

On January 6, 2021, the DoD issued a class deviation, effective immediately, to implement the nationwide court order enjoining Sections 4 and 5 of Executive Order (EO) 13950, Combating Race and Sex Stereotyping, as well as guidance provided by the Office of Federal Contract Compliance Programs (OFCCP). EO 13950 prohibits federal agencies, contractors, and

Photo of Alan W. H. GourleyPhoto of Adelicia R. CliffePhoto of Jonathan M. BakerPhoto of Stephanie Crawford

Yesterday, the Office of the Under Secretary of Defense for Intelligence & Security, Department of Defense (DoD) published a final rule codifying the National Industrial Security Program Operation Manual (NISPOM) (DoDM 5220.22) into 32 C.F.R. Part 117. For the most part, this action simply inserts the long-applicable NISPOM requirements into the CFR, but DoD has

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Evan D. WolffPhoto of Michael G. Gruden, CIPP/G

This week, the DoD announced the first group of pilot programs under the Cybersecurity Maturity Model Certification. Although still under review, these programs will likely be among a small group to issue solicitations in FY2021 that will require a CMMC certificate to be eligible for award. The DoD expects to identify eight other programs

Photo of Peter J. EyrePhoto of Steve McBradyPhoto of Nicole Owren-WiestPhoto of J. Chris HailePhoto of Brian Tully McLaughlinPhoto of Skye MathiesonPhoto of Charles BaekPhoto of John NakonecznyPhoto of Michelle Coleman

On December 9, 2020, the Department of Defense Office of Inspector General (DoD OIG) released its Audit of Department of Defense Implementation of Section 3610 of the Coronavirus Aid, Relief, and Economic Security Act.  The audit assesses the DoD’s issuance of relief under Section 3610, which authorizes certain agencies to reimburse contractors for any

Photo of Adelicia R. CliffePhoto of Alan W. H. GourleyPhoto of M.Yuan ZhouPhoto of Stephanie Crawford

Section 889(a)(1)(B) of the FY 2019 NDAA, scheduled to become effective on August 13, 2020, bars the Government from entering into a contract, or extending or renewing a contract, with any entity that uses certain covered telecommunications equipment or services. The prohibition against “use” of covered equipment applies broadly to a contractor’s “use” anywhere within

Photo of Kate M. Growley, CIPP/G, CIPP/USPhoto of Michelle ColemanPhoto of Laura J. Mitchell Baker

Consistent with  the U.S. Department of Defense’s (DoD) Artificial Intelligence (AI) Strategy, as we previously reported on here, on April 13, 2020, DOD published a Request for Information (RFI) requesting assistance from academia and industry with the development and planning of a potential new requirement for DOD’s Joint Artificial Intelligence Center’s (JAIC) Testing &