News & Analysis as of

Compliance Federal Contractors National Institute of Standards and Technology

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. ... more +
Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations.  In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -
Clark Hill PLC

How does Executive Order 14306 shift the cyber strategy for government contractors?

Clark Hill PLC on

On June 6, a new Executive Order (EO) on cybersecurity altered the compliance landscape for federal contractors. The order pauses the imminent requirement for software vendors to formally attest compliance with the Secure...more

McCarter & English Blog: Government Contracts...

Building the Cyber Fortress: New Cybersecurity Executive Order Targets Quantum, AI, and Supply Chain Security

McCarter & English Blog: Government Contracts... on

On June 6, 2025, President Trump issued a new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (EO), signaling the construction...more

McCarter & English Blog: Government Contracts...

The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters

McCarter & English Blog: Government Contracts... on

On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed...more

Foley & Lardner LLP

Latest FCA Cybersecurity Settlement Shows Enforcement Remains a Priority Under Trump Administration

Foley & Lardner LLP on

A recent United States Department of Justice (DOJ) announcement reinforces that enforcement of cybersecurity requirements under the False Claims Act (FCA) remains an ongoing risk. According to the press release, defense...more

Husch Blackwell LLP

The Proposed Rule to Amend FAR Guidance on Safeguarding CUI – Care to Comment?

Husch Blackwell LLP on

The FAR Council issued a proposed rule that would amend the several FAR provisions and add new clauses to provide guidance on the safe handling of CUI. Public comments on the proposed rule are being accepted until March 17,...more

Cozen O'Connor

FAR Proposed Controlled Unclassified Information Rule: A Path Toward Standardization

Cozen O'Connor on

On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more

Clark Hill PLC

It’s a New Year and a Good Time for a Cybersecurity Checkup

Clark Hill PLC on

2024 was another active year in cybersecurity, with high-profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more

Davis Wright Tremaine LLP

Analyzing President Biden's Ambitious Cybersecurity Executive Order

Davis Wright Tremaine LLP on

In his final days in office, President Biden signed an ambitious executive order to improve the federal government's approach to cybersecurity. Executive Order 14114 ("Executive Order"), issued January 16, 2025, titled...more

Sheppard Mullin Richter & Hampton LLP

At Long Last – The FAR CUI Rule is Here! 

Sheppard Mullin Richter & Hampton LLP on

The wait is finally over! After more than 14 years of anticipation, the Federal Acquisition Regulation (“FAR”) Proposed Rule on Controlled Unclassified Information (“CUI”) was released on January 15, 2025 and comes as part of...more

Sheppard Mullin Richter & Hampton LLP

FedRAMP Releases New Draft Authorization Boundary Guidance

Sheppard Mullin Richter & Hampton LLP on

Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...more

King & Spalding

Biden Administration’s Eleventh-Hour Executive Order Imposes New Software Requirements on Companies

King & Spalding on

On January 16, 2025, President Biden issued Executive Order 14144 on Strengthening and Promoting Innovation in the Nation’s Cybersecurity (the “EO”). Building on prior initiatives such as Executive Order 14028 and the...more

Woods Rogers

FAR Council Publishes Proposed Rule Imposing New Security Requirements on Contractors Handling CUI

Woods Rogers on

On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...more

McCarter & English Blog: Government Contracts...

They Did It. They Really Did It! The Arrival of the FAR CUI Proposed Rule

McCarter & English Blog: Government Contracts... on

After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more

Foley & Lardner LLP

President Biden Issues Second Cybersecurity Executive Order

Foley & Lardner LLP on

In light of recent cyberattacks targeting the federal government and United States supply chains, President Biden’s administration has released an Executive Order (the “Order”) in an attempt to modernize and enhance the...more

Health Care Compliance Association (HCCA)

Penn State, GA Tech Cybersecurity Cases Join 10 Others FCA Attorney Has Under Seal

Health Care Compliance Association (HCCA) on

Note to research compliance officials still digesting news of Pennsylvania State’s recent $1.25 million settlement over False Claims Act (FCA) allegations related to cybersecurity and the government’s recent intervention in a...more

Vinson & Elkins LLP

DoD Releases Final CMMC Program Rule, Formally Initiating Its Cybersecurity Program

Vinson & Elkins LLP on

On October 15, 2024, the Department of Defense (“DoD”) released its final rule (the “Final Rule”) formally establishing the Cybersecurity Maturity Model Certification (“CMMC”) program, nearly three years after first...more

BakerHostetler

The DoD’s CMMC Rule Is Out: What Comes Next?

BakerHostetler on

On October 15, 2024, the Department of Defense (DoD) published the final rule for the Cybersecurity Maturity Model Certification (CMMC) Program that not only finalizes the long-anticipated CMMC Rule but also foreshadows what...more

Bass, Berry & Sims PLC

DoD Announces Cybersecurity Maturity Model Certification 2.0 Final Rule (Finally!)

Bass, Berry & Sims PLC on

After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Borne from documented deficiencies in the...more

Holland & Knight LLP

15 Key Takeaways from the Final CMMC Program Rule Issued by DOD

Holland & Knight LLP on

The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...more

BakerHostetler

(Cyber)Security Theater 101 - Georgia Tech, a Teachable Moment

BakerHostetler on

On August 22, 2024, the United States intervened in a whistleblower suit against the Georgia Institute of Technology, initially filed by current and former members of Georgia Tech’s cybersecurity team, alleging that Georgia...more

Bradley Arant Boult Cummings LLP

Government Contractors Beware: DOJ Pursuing Cybersecurity Failures Under the False Claims Act

Bradley Arant Boult Cummings LLP on

The U.S. Department of Justice (DOJ) filed its first major complaint-in-intervention under the False Claims Act (FCA) premised on a government contractor’s alleged cybersecurity deficiencies since the DOJ’s Civil Cyber-Fraud...more

Pillsbury Winthrop Shaw Pittman LLP

U.S. Government Intervenes in Georgia Tech Cybersecurity False Claims Case

Pillsbury Winthrop Shaw Pittman LLP on

The Georgia Tech case serves as yet another reminder of the importance of contractor compliance with cybersecurity requirements in federal contracts. The Government alleges that Georgia Tech failed to comply with the...more

Alston & Bird

Justice Department Intervention in Cyber False Claims Act Case Signals Escalation of Risk for Government Contractors

Alston & Bird on

An unprecedented cyber qui tam action involving Georgia Tech’s alleged failure to comply with certain cybersecurity controls underscores the importance of having advanced cyber requirements for federal contractors. Our...more

Alston & Bird

Department of Justice Intervenes in Cybersecurity Qui Tam Action Against Georgia Tech

Alston & Bird on

On Thursday, August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention in the case of United States of America ex rel. Christopher Craig and Kyle Koza, v. Georgia Tech Research Corp....more

Holland & Knight LLP

DOJ Brings Suit Against University Under Its Civil Cyber-Fraud Initiative

Holland & Knight LLP on

Late last week, the U.S. Department of Justice (DOJ) filed its complaint-in-intervention in a qui tam lawsuit against the Georgia Institute of Technology (Georgia Tech), alleging that the university failed to meet certain...more

42 Results
 / 
View per page
Page: of 2
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide