The Trump Administration Executive Orders related to Diversity, Equity, and Inclusion (“DEI”), Executive Order 14170 (Reforming the Federal Hiring Process and Restoring Merit to Government Service) and Executive Order 14173 (Ending Illegal Discrimination and Restoring Merit-Based Opportunity) (the “EOs”), have given businesses and other organizations (including universities) much to think about regarding their DEI initiatives. This includes entities that do business with the federal government, entities that do business with state and local governments, and entities with operations outside the United States. As the landscape continues to shift, below are four issues every organization should consider as they perform their DEI reviews:Continue Reading How Far Do They Reach? Four Issues Entities Should Consider When Analyzing the Trump Administration Executive Orders Related to Diversity, Equity, and Inclusion

On January 20 and 21, 2025, President Trump signed two executive orders focused on Diversity, Equity, and Inclusion (DEI) programs: EO 14151, “Ending Radical and Wasteful Government DEI Programs and Preferencing” and EO 14173, “Ending Illegal Discrimination and Restoring Merit‐Based Opportunity” (the “EOs”). You can read more about the content of these EOs here. While the EOs have broad ranging impacts on federal contractors in a number of areas, this blog focuses on the potential impacts specific to small businesses generally and to large businesses via small business subcontracting. Continue Reading Trump DEI Executive Orders – Impacts on Small Businesses and Small Business Subcontracting

In Part 1 of our blog series, we outlined the Trump Administration’s new Executive Orders (“EOs”) on Diversity, Equity, Inclusion (“DEI”) and Diversity, Equity, Inclusion, and Accessibility (“DEIA”) programs, and the current legal status of those EOs. In this second part, we provide several observations on what actions federal contractors and grant recipients might want to consider taking in response to these EOs to ensure compliance and mitigate risks.Continue Reading What Should Contractors and Grant Recipients do in Response to the DEI Executive Orders?

The first 100 days of President Trump’s second term have been action-packed with the President issuing 43 Executive Orders within hours of his inauguration – and an additional 46 that soon followed. Two Executive Orders in particular – Executive Order 14151, “Ending Radical and Wasteful Government DEI Programs and Preferences,” and Executive Order 14173, “Ending Illegal Discrimination and Restoring Merit-Based Opportunity,” – have received significant attention. These Orders mark a significant shift from prior administrations, and aim to redefine the role of DEI not only within the Federal Government, but also within the private sector. What follows is a brief overview of these Orders and how they likely affect – or will affect –businesses.Continue Reading The Trump Administration’s Diversity, Equity, and Inclusion (DEI) Executive Orders: A Brief Primer

On March 24, 2025, the Federal Risk and Authorization Management Program (“FedRAMP”) announced a major overhaul of the program, which is being called “FedRAMP 20x.” The FedRAMP 20x announcement stated there are no immediate changes to the existing authorization path based on agency sponsorship and assessment against the FedRAMP Rev 5 baseline.[1] However, once the initiative kicks off, we expect major changes to speed up and streamline that authorization path that likely will be welcomed by industry partners and cloud service providers participating in the program. Below are key points based on the recent FedRAMP 20x announcement.Continue Reading FedRAMP 20x – Major Overhaul Announced to Streamline the Security Authorization Process for Government Cloud Offerings

Update: On February 22, Maryland District Court Judge Adam Abelson issued a Preliminary Injunction halting the rollout and enforcement of the several provisions in the EO. Relevant here, the PI prohibits the Federal Government from requiring any contractor or grantee to make any certification required by the EO; and prohibits the Federal Government from bringing any False Claims Act enforcement action, or other enforcement action, in connection with either the proposed certification or the nine federal investigations to be proposed by each federal agency. The 63-page opinion addressed both First and Fifth Amendment implications of the EO relying, in part, on the vagueness concerns noted below. This is not a final decision on the merits, and the likelihood of additional litigation, included appeals, as well as additional actions by the Administration is highly likely.Continue Reading The Squeeze is the Juice – Utilization of The False Claims Act in the DEI/Government Contracting Executive Order 

In the Fiscal Year 2025 National Defense Authorization Act (“FY25 NDAA”), Congress included some important provisions related to the bid protest process at the U.S. Government Accountability Office (“GAO”). These provisions (1) raise the dollar threshold for task order protests of Department of Defense (“DoD”) procurements and (2) task DoD and GAO with exploring processes to make protesting DoD procurements more difficult.Continue Reading FY2025 NDAA Increases the Threshold for DoD Task Order Protests and Asks GAO and DoD to Explore Changes to Bid Protest Process

Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security assessments of cloud service offerings, but final versions were never released. On January 16, 2025, FedRAMP released another draft authorization boundary guidance document (RFC-0004). FedRAMP’s authorization boundary guidance is “the most frequently requested policy update” as it forms the foundation for determining the scope of review for assessment and authorization. The new draft currently is open for public comment through February 17, 2025.Continue Reading FedRAMP Releases New Draft Authorization Boundary Guidance

On January 8, 2025, the Department of Justice (“DOJ”) published its final rule addressing Executive Order (E.O.) 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” With the final rule, the DOJ National Security Division’s Foreign Investment Review Section (“FIRS”) defines prohibited and restricted data transactions, and outlines trusted data flows for companies with overseas operations involving countries of concern, including IT infrastructure. The general effect of the rule is to close “front door” access to bulk sensitive personal data on U.S. persons and certain U.S.-government-related data. Until now—or rather, April 8, 2025, when the majority of the rule becomes effective—nefarious actors could procure sensitive data through legitimate business transactions.Continue Reading Data, Deals, and Diplomacy, Part III: DOJ Issues National Security Final Rule with New Data Compliance Obligations for Transactions Involving Countries of Concern

In the ever-evolving world of cybersecurity, even organizations that meet stringent security standards can be victims of sophisticated cyberattacks. A notable example of this is the December 8, 2024 cybersecurity incident involving the U.S. Department of the Treasury and its third-party cloud service provider, BeyondTrust. This incident underscores some critical lessons for entities (both government agencies and private sector) that rely on third-party cloud service providers (“CSPs”).Continue Reading Looking Beyond FedRAMP – Lessons from the U.S. Treasury Cybersecurity Incident

The wait is finally over! After more than 14 years of anticipation, the Federal Acquisition Regulation (“FAR”) Proposed Rule on Controlled Unclassified Information (“CUI”) was released on January 15, 2025 and comes as part of the Government’s broader efforts to identify, detect, and respond to ever-evolving threats targeting Federal contractors.Continue Reading At Long Last – The FAR CUI Rule is Here!