The Rise of OTAs in Defense Contracting: Opportunities, Risks, and What Contractors Need to Know
Podcast - Navigating the Updated SF-328 Form
Podcast - A Comparative Guide to Obtaining an FCL: DCSA vs. the Intelligence Community
Diversifying Your Contract Pipeline by Maximizing Opportunities through the DOD’s Mentor Protégé Program
A Comprehensive Overview of FOCI Mitigation
Podcast - Defense Dynamics: Navigating the Post-Election Landscape for the National Security Sector, Part 2
Mitigating FOCI Under Section 847
Episode 345 -- Raytheon Pays $950 Million to Resolve Fraud, FCPA, ITAR and False Claims Act Violations
Everyone Come to Play: Exploring FOCI Mitigation Instruments
Defense Dynamics: Navigating the Post-Election Landscape for the National Security Sector
Podcast - Navigating M&A Due Diligence: Safeguarding Security Clearances
Podcast - Change Condition Packages: Tips for Cleared Contractors
Podcast - Corporate Documents in the Context of Clearances
Navigating Personnel Security Clearances (PCLs)
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
What Is an FCL and How Do I Obtain One?
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
Intellectual Property In Department of Defense Contracting
The When, Where, Why and How of CMMC with Fernando Machado
Designed for busy in-house counsel and compliance professionals, this newsletter seeks to bring you up to speed on key federal and state False Claims Act (FCA) developments, with links to primary resources. Each quarter,...more
This week, the Trump Administration reached the 100-day mark—a significant milestone in any presidential term wherein key administrative priorities and objectives are promulgated. Perhaps unsurprisingly, cybersecurity stands...more
On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more
The Federal Acquisition Regulation (FAR) Council issued its long awaited proposed rule on Controlled Unclassified Information (CUI) on January 15, 2025. The proposed rule establishes a common form to be used by all federal...more
On January 15, 2025, the Federal Acquisition Regulatory (FAR) Council issued a proposed rule that, if adopted, would uniformly define and protect Controlled Unclassified Information (CUI) across the government. The proposed...more
The Servicemember Quality of Life Improvement and National Defense Authorization Act for Fiscal Year 2025 (FY2025 NDAA), signed into law on December 23, 2024, has significant implications for defense acquisition and...more
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
Merger and acquisition (M&A) activity is often the lifeblood of corporate growth. While whole treatises can be, and have been, written on cybersecurity and legal challenges during M&A activity, the following are a few key...more
WHAT: The U.S. Department of Defense (DOD) just published the second of two proposed rules setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The earlier...more
Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking...more
On May 2, the Department of Defense (DOD) issued a class deviation to DFARS 252.204-7012 “to provide industry time for a more deliberate transition upon the forthcoming release of [National Institute of Standards and...more
On April 4, 2024, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) officially published its Notice of Proposed Rulemaking (NPRM) detailing significant new cybersecurity...more
The Cybersecurity and Infrastructure Security Agency (“CISA”) recently released its new Proposed Rule pursuant to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which was published in the...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (“CISA”) released proposed regulations requiring expansive new cybersecurity incident and ransomware payment reporting across sixteen “critical...more
On December 21, 2023, the Department of Defense (DoD) issued a memorandum (Memo) providing guidance and clarification on the security and cyber incident management requirements applicable for the use of external Cloud Service...more
Last month, the Federal Acquisition Regulatory Council proposed new cybersecurity and incident reporting regulations for federal contractors on behalf of the Department of Defense (DoD), the General Services Administration...more
Two years after the Department of Justice (DOJ) established its Civil-Cyber Fraud Initiative, there has been a recent uptick in enforcement and regulatory activity related to cybersecurity. September opened with the unsealing...more
The Department of Defense Inspector General (DoDIG) recently released its “Audit of the DoD’s Implementation and Oversight of the Controlled Unclassified Information [CUI] Program” (DODIG-2023-078). The audit highlights some...more
Selected Developments in U.S. Law - Department of Defense Suspends the CMMC Pilot Program and CMMC Requirements in DoD Solicitations Pending Major Changes for CMMC 2.0. On November 5, 2021, the Department of Defense...more
The legislation would require all federal contractors to report potential and actual cybersecurity incidents to the Department of Homeland Security. The Act would impose a 24-hour reporting requirement on federal...more
The Colonial Pipeline cyberattack prompted the issuance of a long-awaited executive order (EO) on improving U.S. cybersecurity. The EO mandates that, within six months, all federal agencies implement multi-factor...more
Two significant changes are underway by the Defense Counterintelligence and Security Agency (DCSA) – both of which require the immediate attention of businesses that hold a U.S. security clearance or are in the process of...more
The Department of Defense (DoD) continues to enhance cybersecurity requirements in its supply chain. A new rule requires some contractors to assign a numerical score to their current cybersecurity practices. Additionally, the...more
In the face of increasing concern over the security of Navy and Marine Corps (Navy) programs, the Navy Marine Corps Acquisition Regulation Supplement (NMCARS) was updated on September 6, 2019 to incorporate significant...more
The Legal Advisor is a newsletter distributed by the firm to our clients, friends and business contacts. The publication addresses current issues that are of concern to federal government contractors and commercial businesses...more