On August 22, 2024, the United States Department of Justice (“DOJ”) filed a Complaint-In-Intervention (the “Complaint”) against the Georgia Institute of Technology (“Georgia Tech”) and Georgia Tech Research Corp. (“GTRC”). The 99-page DOJ Complaint alleges the defendants knowingly failed to meet contractual cybersecurity requirements in connection with various Department of Defense (“DoD”) contracts. The suit raises claims under the False Claims Act and federal common law (including fraud, negligent misrepresentation, breach of contract, unjust enrichment, and payment by mistake). This is the latest DOJ activity relating to its Civil Cyber Fraud Initiative (announced in October 2021), which we previously have written about here, here, and here.Continue Reading DOJ Sues Georgia Tech Entities for Cybersecurity Failures in the Latest Civil Cyber Fraud Initiative (CCFI) Activity
Department of Defense
The Next Frontier: Key Takeaways from the New U.S. Government Commercial Space Strategies
The U.S. Government continues to increase its Federal investment in space – not for exploration, but rather as a defense strategy – and this continued investment provides significant opportunity for commercial entities to partner with the Federal Government on space projects. On April 2, 2024, the Department of Defense (“DoD”) released its first ever Commercial Space Integration Strategy (the “DoD Strategy”) and, just a few days later, on April 8, 2024, the U.S. Space Force released its Commercial Space Strategy (the “Space Force Strategy”) (together the “Strategies”). The Strategies are complementary and formalize the U.S. Government’s commitment to “making commercial solutions integral—and not just supplementary—to national security space architectures.” The Strategies include a few key takeaways for both commercial space and satellite companies and traditional government contractors working in space-related activities. Here are the highlights:Continue Reading The Next Frontier: Key Takeaways from the New U.S. Government Commercial Space Strategies
New Year, (Potentially) New Definition for “Subcontract”
In addition to prohibiting the flow-down of non-mandatory FAR/DFARS clauses (which we talk about here), the Department of Defense (“DOD”) Final Rule in connection with the Defense Federal Acquisition Regulation Supplement (“DFARS”) Case 2017-D010 also touched on the decades-long debate as to which entities actually are subcontractors performing under a Federal prime contract. Yes, you read that correctly – there is no single definition for the terms “subcontract” or “subcontractor.” After almost 40 years of confusion, it appears the DFARS and Federal Acquisition Regulation (“FAR”) Councils are trying to end the debate once and for all.Continue Reading New Year, (Potentially) New Definition for “Subcontract”
It’s the Most Wonderful Time for New DOD Flow Down Policies: Flowing Down Too Many Clauses Will Get Prime Contractors More Than a Lump of Coal
On November 17, 2023, the Department of Defense (“DOD”) published a Final Rule – over five years in the making – addressing DOD policies regarding the applicability of laws to commercial products, commercial services, and commercially available off-the-shelf (“COTS”) products (DFARS Case 2017-D010). Partially implementing Section 874 of the Fiscal Year 2017 National Defense Authorization Act, DOD has imposed new regulations that expressly prohibit Contracting Officers (“CO”) and prime contractors alike from incorporating regulatory requirements of the Federal Acquisition Regulation (“FAR”) and the Defense Federal Acquisition Regulation Supplement (“DFARS”) in prime contracts and subcontracts unless mandated by regulatory text.Continue Reading It’s the Most Wonderful Time for New DOD Flow Down Policies: Flowing Down Too Many Clauses Will Get Prime Contractors More Than a Lump of Coal
Continuing Skepticism on China: Final Rule Requires Disclosure of Defense Contractor Personnel in China
On March 1, 2023, the U.S. Department of Defense (“DoD”) adopted, without change, Defense Federal Acquisition Regulation Supplement (“DFARS”) Case No. 2022-D010, Employment Transparency Regarding Individuals Who Perform Work in the People’s Republic of China (88 Fed. Reg. 12861), updating provisions at DFARS 225.7021 and adding contract clauses at 252.225-7057 and 252.225-7058. This latest DFARS rule reflects a shifting regulatory landscape aimed at increasing transparency and oversight of U.S. transactions involving China.Continue Reading Continuing Skepticism on China: Final Rule Requires Disclosure of Defense Contractor Personnel in China
Updated Timeline for CMMC Implementation
Anyone who has been closely following the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program knows the effort has experienced a fair number of complications and delays. For…
Continue Reading Updated Timeline for CMMC ImplementationThe Impact of DOD’s Enhanced Debriefings Rule on Bid Protest Timeliness
On March 18, 2022, the Department of Defense (“DOD”) issued its long-awaited Final Rule implementing Section 818 of the National Defense Authorization Act for Fiscal Year 2018 (“NDAA FY 2018”), and formally codifying defense contractors’ rights to post-award enhanced debriefings. Contractors have been bound by a Class Deviation implementing these requirements since March 2018, with DOD only issuing its proposed rule in May 2021. Though the Final Rule largely tracks the proposed rule, it does include several important clarifications, and, of course, directly impacts timeliness rules for filing post-award protests of DOD awards at the Government Accountability Office (“GAO”).
Continue Reading The Impact of DOD’s Enhanced Debriefings Rule on Bid Protest Timeliness
DOD Updates Its Cybersecurity Certification Program – CMMC 2.0: What Contractors Need to Know
On November 4, 2021, the Department of Defense (“DOD”) announced several changes to the Cybersecurity Maturity Model Certification (“CMMC”) program – the program that DOD intends to use to enhance the security of the defense industrial base through assessments and third-party cybersecurity certifications.[1] The new version of the program – “CMMC 2.0” – is a result of DOD’s internal review of the CMMC program implemented thus far (“CMMC 1.0”), which began following the release of an interim rule in September 2020, and included review of over 850 public comments. DOD intends to engage in additional rulemaking to refine and finalize CMMC 2.0. Although the overall goal of the program remains focused on safeguarding sensitive unclassified information, CMMC 2.0 includes several important differences from the original program, as discussed in greater detail below.
Continue Reading DOD Updates Its Cybersecurity Certification Program – CMMC 2.0: What Contractors Need to Know
Key Provisions You Should Know From FY 2021 NDAA
On January 1, 2021, Congress overrode President Trump’s veto of the Fiscal Year (“FY”) 2021 National Defense Authorization Act (“NDAA”) (the “Act”), Pub. L. No. 116-283. The $740 billion defense…
Continue Reading Key Provisions You Should Know From FY 2021 NDAA
The NISPOM is Becoming a Regulation & Contractors Have Six Months to Comply
On December 21, 2020, the Department of Defense (“DoD”) published a final rule in the Federal Register that codifies the National Industrial Security Program Operating Manual (“NISPOM”) in the Code of Federal Regulations (“CFR”) at 32 CFR part 117. The rule will become effective on February 24, 2021, giving contractors six months from the effective date to comply with the changes. Comments on the proposed change are due by February 19, 2021.[1]
Continue Reading The NISPOM is Becoming a Regulation & Contractors Have Six Months to Comply
DoD’s Long Awaited Rule on CMMC – Plus a New Cybersecurity Assessment Methodology for Contractors to Start Right Now
At long last, the Department of Defense (“DoD”) has provided its interim rule, published in the Federal Register on September 29, 2020, amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to set forth requirements for the Cybersecurity Maturity Model Certification (“CMMC”) program, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.” The interim rule is effective November 30, 2020, and comments to the interim rule should be submitted by November 30 as well. Continue reading for our breakdown of key provisions.
Continue Reading DoD’s Long Awaited Rule on CMMC – Plus a New Cybersecurity Assessment Methodology for Contractors to Start Right Now