On January 20 and 21, 2025, President Trump signed two executive orders focused on Diversity, Equity, and Inclusion (DEI) programs: EO 14151, “Ending Radical and Wasteful Government DEI Programs and Preferencing” and EO...more
In the ever-evolving world of cybersecurity, even organizations that meet stringent security standards can be victims of sophisticated cyberattacks. A notable example of this is the December 8, 2024 cybersecurity incident...more
1/30/2025
/ Cloud Computing ,
Cloud Service Providers (CSPs) ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Contractors ,
FedRAMP ,
Incident Response Plans ,
National Security ,
Risk Management ,
Third-Party ,
U.S. Treasury
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
1/8/2025
/ Artificial Intelligence ,
Compliance ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Department of Defense (DOD) ,
DFARS ,
Enforcement ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
FedRAMP ,
National Security ,
Reporting Requirements ,
Risk Management ,
Software
On October 22, 2024, the Department of Justice (“DOJ”) announced that Pennsylvania State University (“Penn State”) has agreed to pay $1,250,000 to settle a False Claims Act (“FCA”) case brought against the University...more
10/31/2024
/ Chief Information Officers (CIO) ,
Cybersecurity ,
Defense Contracts ,
Department of Defense (DOD) ,
False Claims Act (FCA) ,
Federal Contractors ,
NASA ,
Penn State ,
Regulatory Requirements ,
Settlement ,
Whistleblowers ,
White Collar Crimes
On August 22, 2024, the United States Department of Justice (DOJ) filed a Complaint-In-Intervention (the “Complaint”) against the Georgia Institute of Technology (Georgia Tech) and Georgia Tech Research Corp. (GTRC). The...more
On June 28, 2024, in a landmark decision, the Supreme Court overruled the four decade old case Chevron v. Natural Resources Defense Council. This pivotal decision should spur businesses to recalibrate their existing...more
8/1/2024
/ Administrative Procedure Act ,
Chevron Deference ,
Chevron v NRDC ,
Cybersecurity ,
Government Agencies ,
Judicial Authority ,
Loper Bright Enterprises v Raimondo ,
Popular ,
SCOTUS ,
Statutory Authority ,
Statutory Interpretation
On June 17, 2024, the Department of Justice (“DOJ”) announced the latest settlement under its Civil Cyber-Fraud Initiative (“CCFI”)... The settlement resulted in a total of $11,300,000 in payments from two consulting...more
The U.S. Government continues to increase its Federal investment in space – not for exploration, but rather as a defense strategy – and this continued investment provides significant opportunity for commercial entities to...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
2/9/2024
/ Cloud Computing ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Data Rights ,
Data Security ,
Department of Defense (DOD) ,
Enforcement Actions ,
Federal Contractors ,
FedRAMP ,
Fraud ,
Privacy Laws ,
Software
The Department of Defense published a much-anticipated Proposed Rule at the end of last year for its Cybersecurity Maturity Model Certification program. The proposed rule is our first comprehensive look at the latest...more
On November 30, 2023, the Inspector General of the Department of Defense (“DoD IG”) released a Special Report: Common Cybersecurity Weaknesses Related to the Protection of DoD Controlled Unclassified Information on Contractor...more
On December 12, 2023, the Department of Justice (“DOJ”) issued guidance related to the process by which companies may request the United States Attorney General authorize delays of cyber incident disclosures, pursuant to a...more
1/22/2024
/ Banking Sector ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Justice (DOJ) ,
Disclosure Requirements ,
Enforcement Actions ,
Form 8-K ,
National Security ,
New Guidance ,
Reporting Requirements ,
Securities and Exchange Commission (SEC)
Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturity Model Certification (“CMMC”)...more
1/3/2024
/ Certification Requirements ,
Comment Period ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
DCMA ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Proposed Rules
A few weeks ago, we discussed two recent cyber-related False Claims Act (FCA) cases. One of those cases is a qui tam lawsuit against Penn State and, as of the date of our article, we were waiting to see if DOJ would opt to...more
In recent weeks, there has been an uptick in news of cyber-related False Claims Act (“FCA”) activity. For example, on September 1, 2023, the court unsealed a qui tam lawsuit against Penn State University relating to...more
9/12/2023
/ Compliance ,
Compliance Monitoring ,
Controlled Defense Information (CDI) ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
DFARS ,
Enforcement ,
False Claims Act (FCA) ,
Federal Contractors ,
Internal Investigations ,
Policies and Procedures ,
Popular ,
Qui Tam ,
Universities ,
Whistleblowers
On March 2, 2023, Deputy Attorney General Lisa Monaco delivered remarks to the ABA’s National Institute on White Collar Crime. Unsurprisingly, her remarks focused heavily on inspiring a culture of compliance – including...more
Anyone who has been closely following the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program knows the effort has experienced a fair number of complications and delays...more
The Department of Defense recently provided some clarity on the timeline for implementation of its Cybersecurity Maturity Model Certification (CMMC) program. The DoD now expects to complete documentation to submit to the...more
On March 8, 2022, just five months after the creation of the Department of Justice’s (“DOJ”) new Civil Cyber-Fraud Initiative (previously discussed...), the DOJ announced its first settlement of a cyber-related fraud case...more
President Biden recently signed a National Security Memorandum on cybersecurity. This memorandum was required by an earlier executive order, which we previously have discussed here. The new memorandum (NSM) requires certain...more
Just when you didn’t think things could get any weirder, on Friday, January 21, 2022, the U.S. District Court for the Southern District of Georgia issued a ruling clarifying its prior EO 14042 injunction (currently on appeal...more
1/26/2022
/ Centers for Medicare & Medicaid Services (CMS) ,
Coronavirus/COVID-19 ,
DFARS ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Georgia ,
Injunctions ,
Masks ,
OSHA ,
Social Distancing ,
Vaccinations
On January 13, 2022, the Supreme Court reinstated the nationwide injunction of the Occupational Safety and Health Administration’s (OSHA) COVID-19 Emergency Temporary Standard (ETS). (Technically, the Court overturned the...more
1/19/2022
/ Biden v Missouri ,
Centers for Medicare & Medicaid Services (CMS) ,
Constitutional Challenges ,
Coronavirus/COVID-19 ,
Employer Mandates ,
Healthcare Workers ,
OSHA ,
SCOTUS ,
Stays ,
Vaccinations ,
Virus Testing ,
Workplace Safety
Just as we thought 2022 was going to be significantly different than 2021, December 2021 and January 2022 events have thrown us for another (pandemic) loop. We anticipate that some of the privacy and cybersecurity...more
1/12/2022
/ Artificial Intelligence ,
Auto-Dialed Calls ,
Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
CAN-SPAM Act ,
CARU ,
CDPA ,
Consumer Privacy Rights ,
COPPA ,
Cross-Border Transactions ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Employee Tracking ,
EU ,
FCC ,
Federal Trade Commission (FTC) ,
Food and Drug Administration (FDA) ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Identity Theft ,
Machine Learning ,
Mobile Privacy ,
Ransomware ,
SCOTUS ,
TCPA
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with...more