On January 20 and 21, 2025, President Trump signed two executive orders focused on Diversity, Equity, and Inclusion (DEI) programs: EO 14151, “Ending Radical and Wasteful Government DEI Programs and Preferencing” and EO...more
In the ever-evolving world of cybersecurity, even organizations that meet stringent security standards can be victims of sophisticated cyberattacks. A notable example of this is the December 8, 2024 cybersecurity incident...more
1/30/2025
/ Cloud Computing ,
Cloud Service Providers (CSPs) ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Federal Contractors ,
FedRAMP ,
Incident Response Plans ,
National Security ,
Risk Management ,
Third-Party ,
U.S. Treasury
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
1/8/2025
/ Artificial Intelligence ,
Compliance ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Department of Defense (DOD) ,
DFARS ,
Enforcement ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
FedRAMP ,
National Security ,
Reporting Requirements ,
Risk Management ,
Software
On October 22, 2024, the Department of Justice (“DOJ”) announced that Pennsylvania State University (“Penn State”) has agreed to pay $1,250,000 to settle a False Claims Act (“FCA”) case brought against the University...more
10/31/2024
/ Chief Information Officers (CIO) ,
Cybersecurity ,
Defense Contracts ,
Department of Defense (DOD) ,
False Claims Act (FCA) ,
Federal Contractors ,
NASA ,
Penn State ,
Regulatory Requirements ,
Settlement ,
Whistleblowers ,
White Collar Crimes
On August 22, 2024, the United States Department of Justice (DOJ) filed a Complaint-In-Intervention (the “Complaint”) against the Georgia Institute of Technology (Georgia Tech) and Georgia Tech Research Corp. (GTRC). The...more
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...more
2/9/2024
/ Cloud Computing ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Data Protection ,
Data Rights ,
Data Security ,
Department of Defense (DOD) ,
Enforcement Actions ,
Federal Contractors ,
FedRAMP ,
Fraud ,
Privacy Laws ,
Software
Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturity Model Certification (“CMMC”)...more
1/3/2024
/ Certification Requirements ,
Comment Period ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
DCMA ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
Proposed Rules
A few weeks ago, we discussed two recent cyber-related False Claims Act (FCA) cases. One of those cases is a qui tam lawsuit against Penn State and, as of the date of our article, we were waiting to see if DOJ would opt to...more
In recent weeks, there has been an uptick in news of cyber-related False Claims Act (“FCA”) activity. For example, on September 1, 2023, the court unsealed a qui tam lawsuit against Penn State University relating to...more
9/12/2023
/ Compliance ,
Compliance Monitoring ,
Controlled Defense Information (CDI) ,
Cybersecurity ,
Data Protection ,
Data Security ,
Department of Justice (DOJ) ,
DFARS ,
Enforcement ,
False Claims Act (FCA) ,
Federal Contractors ,
Internal Investigations ,
Policies and Procedures ,
Popular ,
Qui Tam ,
Universities ,
Whistleblowers
The Department of Defense recently provided some clarity on the timeline for implementation of its Cybersecurity Maturity Model Certification (CMMC) program. The DoD now expects to complete documentation to submit to the...more
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with...more
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with...more
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with...more
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with...more
12/20/2021
/ Biden Administration ,
Cyber Threats ,
Cybersecurity ,
Data Security ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Internet of Things ,
Popular ,
Software Developers ,
Supply Chain
Federal contractors and subcontractors across the country were forced to rethink their COVID-safety efforts when, on December 7, the U.S. District Court for the Southern District of Georgia enjoined enforcement of Executive...more
12/9/2021
/ Biden Administration ,
Constitutional Challenges ,
Coronavirus/COVID-19 ,
Employees ,
Employer Liability Issues ,
Employer Mandates ,
Executive Orders ,
Federal Contractors ,
Federal Employees ,
Injunctions ,
Masks ,
Multidistrict Litigation ,
OSHA ,
Social Distancing ,
State and Local Government ,
Stays ,
Subcontractors ,
Vaccinations ,
Virus Testing
On September 9, 2021, the President issued Executive Order 14042, which applies new rules – including vaccination mandates – to Federal contractors and subcontractors. EO 14042 does not include a weekly testing option and is...more
11/17/2021
/ Biden Administration ,
Coronavirus/COVID-19 ,
Employer Mandates ,
Executive Orders ,
Federal Contractors ,
Federal Employees ,
OSHA ,
Subcontractors ,
Vaccinations ,
Virus Testing ,
Workplace Safety
The Department of Defense (DOD) recently announced several changes to its Cybersecurity Maturity Model Certification program. The program applies to those who serve as contractors and suppliers to the DOD. As described in our...more
On November 4, 2021, the Department of Defense (“DOD”) announced several changes to the Cybersecurity Maturity Model Certification (“CMMC”) program – the program that DOD intends to use to enhance the security of the defense...more
On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement...more
10/29/2021
/ Cybersecurity ,
Data Protection ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Federal Contractors ,
Fraud ,
Policies and Procedures ,
Popular ,
Regulatory Oversight ,
Reporting Requirements
On September 9, 2021, President Biden signed an Executive Order (EO) to implement COVID safety protocols for Federal service contractors and subcontractors. While the EO did not outline specific rules, it did direct a Federal...more
10/8/2021
/ Biden Administration ,
Coronavirus/COVID-19 ,
Covered Employer ,
Employees ,
Employer Mandates ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Federal Employees ,
General Services Administration (GSA) ,
OSHA ,
Vaccinations ,
Workplace Safety
On September 9, 2021, President Biden signed an Executive Order (EO) to implement COVID safety protocols for Federal service contractors. While the EO did not identify specific safety protocols, it did direct a Federal task...more
9/16/2021
/ Biden Administration ,
Coronavirus/COVID-19 ,
Department of Labor (DOL) ,
Executive Orders ,
Federal Contractors ,
OSHA ,
Prime Contractor ,
Subcontractors ,
Vaccinations ,
Virus Testing ,
Workplace Safety
On February 24, 2021, President Biden signed Executive Order 14017, “Executive Order on America’s Supply Chains,” requiring a review of global supply chains that support key U.S. industries in an attempt to improve supply...more
4/1/2021
/ Biden Administration ,
Department of Agriculture ,
Department of Defense (DOD) ,
Department of Energy (DOE) ,
Department of Health and Human Services (HHS) ,
Department of Homeland Security (DHS) ,
Department of Transportation (DOT) ,
Executive Orders ,
Federal Contractors ,
National Security ,
Regulatory Reform ,
Supply Chain
On December 21, 2020, the Department of Defense (“DoD”) published a final rule in the Federal Register that codifies the National Industrial Security Program Operating Manual (“NISPOM”) in the Code of Federal Regulations...more
On January 1, 2021, Congress overrode President Trump’s veto of the Fiscal Year (“FY”) 2021 National Defense Authorization Act (“NDAA”) (the “Act”), Pub. L. No. 116-283. The $740 billion defense bill establishes funding...more
The Department of Defense (DoD) recently published an interim rule that sets forth its Cybersecurity Maturity Model Certification (CMMC) program plan, as well as new requirements for a “NIST SP 800-171 DoD Assessment...more