Federal contractors and subcontractors across the country were forced to rethink their COVID-safety efforts when, on December 7, the U.S. District Court for the Southern District of Georgia enjoined enforcement
Continue Reading Executive Order 14042 – Update 12.0: U.S. District Court Issues Nationwide Injunction

In news that will be of interest to every federal contractor, including large and small businesses, universities, banks, and the health care industry, Executive Order 14042 (along with the related
Continue Reading What We Know And Don’t About The Federal Court Order Enjoining EO 14042

A Sheppard Mullin trial team led by partners Brad Graveline and Laura Burson obtained one of the largest patent infringement damages awards against the United States of America for client SecurityPoint Holdings, Inc (SecurityPoint).  Sheppard Mullin partner Don Pelto and associates Kazim Naqvi, Rebecca Mackin, and Tom Carr were also key members of the trial team.  In addition, the Sheppard Mullin team included trial specialist Stephanie Limbaugh and legal assistants Dori Dellisanti and Ann Castro.

Continue Reading Historic $130m+ Patent Infringement Award Against the United States of America

It is that time of year again when the U.S. Government Accountability Office (“GAO”) submits its bid protest statistics to Congress as mandated under the Competition in Contracting Act of 1984, 31 U.S.C. §3554(e)(2).  On November 16, 2021, the GAO released its Bid Protest Annual Report to Congress for Fiscal Year 2020.  It has been a year of ups and downs, but, importantly, the chances of winning have stayed the same.

Continue Reading Everything Changes, Except That Which Stays the Same: GAO’s Bid Protest Annual Report to Congress

New York’s chief law enforcement agency recently squandered an opportunity to bring much needed guidance to the digital assets space.  On October 18, 2021, the Office of New York Attorney General, Letitia James (“NYAG”), issued a press release warning New York businesses that offer interest-bearing accounts to customers depositing virtual currency without having registered under New York General Business Law § 352, et seq. (the “Martin Act”) are breaking the law.

Continue Reading NYAG’s Warning to Crypto Businesses Muddies Regulatory Waters; Compliance Requirements Remain Elusive

It’s official: the Department of Veterans Affairs (“VA”) Medical Surgical Prime Vendor (“MSPV”) 2.0 Program is no more.  The VA has announced that it will not revive MSPV 2.0 following several unusually painful protests at the U.S. Court of Federal Claims (see our prior blogs here and here). Instead the VA will move on to MSPV-“Z”.  Generally speaking, there seems to be little difference between “2.0” and “Z,” except that some division of geographies may change.  But importantly, the VA plans to make clear in the MSPV-Z solicitation—which currently is in the works—whether and when it will transfer the contracts’ requirements to the Defense Logistics Agency (“DLA”), an issue that has drawn significant criticism to date.  The VA says it is developing the business case for the transfer, and the business case analysis will determine both whether it will happen at all, and how the VA will execute the transfer.  In the meantime, the VA will extend the current bridge contracts under MSPV-Next Generation (“MSPV-NG”) for a full year, running December 2021 to December 2022, while the VA (and likely the DLA) get their ducks in a row.

Continue Reading MSPV 2.0 Is Dead – Long Live MSPV

The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October 28, 2021. We previously discussed the release of the first draft here. The public comment period currently is open and concludes on December 3, 2021. NIST anticipates releasing a final version during the third quarter of 2022.


Continue Reading Seeking HoNIST Opinions, Part II – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices and Software Guidelines Mandated By Cybersecurity Executive Order

On November 4, 2021, the Department of Defense (“DOD”) announced several changes to the Cybersecurity Maturity Model Certification (“CMMC”) program – the program that DOD intends to use to enhance the security of the defense industrial base through assessments and third-party cybersecurity certifications.[1] The new version of the program – “CMMC 2.0” – is a result of DOD’s internal review of the CMMC program implemented thus far (“CMMC 1.0”), which began following the release of an interim rule in September 2020, and included review of over 850 public comments. DOD intends to engage in additional rulemaking to refine and finalize CMMC 2.0. Although the overall goal of the program remains focused on safeguarding sensitive unclassified information, CMMC 2.0 includes several important differences from the original program, as discussed in greater detail below.

Continue Reading DOD Updates Its Cybersecurity Certification Program – CMMC 2.0: What Contractors Need to Know

Colleges and universities with U.S. government-sponsored research or other non-grant funding take note. On September 9, 2021, President Biden signed Executive Order 14042 to implement COVID safety protocols for Federal service contractors and subcontractors. Among other things, Executive Order 14042 requires that entities holding Federal contracts (or “contract-like instruments”), including colleges and universities, mandate vaccinations and other safety protocols for a wide swath of their employees. Unlike the forthcoming related OSHA rule, Executive Order 14042 does not permit employees to provide regular negative test results in lieu of proof of vaccination. This summary alert highlights a few of the issues that will be of particular importance to institutions of higher education.

Continue Reading Five Key Takeaways For Colleges and Universities From the New Federal Vaccination Mandate

On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.

Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance