Photo of Daniel Alvarado

Daniel J. Alvarado is an associate in the Governmental Practice in the firm's Washington, D.C. office.

Last month, the federal government announced a major overhaul of the Federal Risk and Authorization Management Program (“FedRAMP”) called “FedRAMP 20x” (we discussed the initiative here). FedRAMP 20x is moving forward fast – with new authorizations, community engagement efforts, standards documents, and the Phase One pilot program. (More information about the Phase One pilot program is available here.)Continue Reading FedRAMP 20x – Update on Significant Change Process and Assessment Scope Standards

The Trump Administration Executive Orders related to Diversity, Equity, and Inclusion (“DEI”), Executive Order 14170 (Reforming the Federal Hiring Process and Restoring Merit to Government Service) and Executive Order 14173 (Ending Illegal Discrimination and Restoring Merit-Based Opportunity) (the “EOs”), have given businesses and other organizations (including universities) much to think about regarding their DEI initiatives. This includes entities that do business with the federal government, entities that do business with state and local governments, and entities with operations outside the United States. As the landscape continues to shift, below are four issues every organization should consider as they perform their DEI reviews:Continue Reading How Far Do They Reach? Four Issues Entities Should Consider When Analyzing the Trump Administration Executive Orders Related to Diversity, Equity, and Inclusion

On March 24, 2025, the Federal Risk and Authorization Management Program (“FedRAMP”) announced a major overhaul of the program, which is being called “FedRAMP 20x.” The FedRAMP 20x announcement stated there are no immediate changes to the existing authorization path based on agency sponsorship and assessment against the FedRAMP Rev 5 baseline.[1] However, once the initiative kicks off, we expect major changes to speed up and streamline that authorization path that likely will be welcomed by industry partners and cloud service providers participating in the program. Below are key points based on the recent FedRAMP 20x announcement.Continue Reading FedRAMP 20x – Major Overhaul Announced to Streamline the Security Authorization Process for Government Cloud Offerings

Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security assessments of cloud service offerings, but final versions were never released. On January 16, 2025, FedRAMP released another draft authorization boundary guidance document (RFC-0004). FedRAMP’s authorization boundary guidance is “the most frequently requested policy update” as it forms the foundation for determining the scope of review for assessment and authorization. The new draft currently is open for public comment through February 17, 2025.Continue Reading FedRAMP Releases New Draft Authorization Boundary Guidance

To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024 Recap (highlighting major updates and including links to the resources we put out over the past year) and a 2025 Forecast (previewing what we expect to see in 2025). This Recap & Forecast covers the following six high-interest topic areas relating to cybersecurity and data protection:Continue Reading Governmental Practice Cybersecurity and Data Protection: 2024 Recap & 2025 Forecast Alert

It’s been a hot summer so far but Federal Risk and Authorization Program (“FedRAMP”) is just starting to heat up. In June, FedRAMP (the Federal government’s program for security authorizations for cloud solutions) released the final Emerging Technology Prioritization Framework, which outlines the prioritization of certain artificial intelligence capabilities. In mid-July, FedRAMP announced its Agile Delivery pilot program, which is a new process for reviewing significant changes without the need for advanced approval. FedRAMP also announced a new technical documentation hub (automate.fedramp.gov) that focuses on provided support to cloud service providers in the development of digital authorization packages. Lastly, just as the heat wave in Washington, D.C. ended, FedRAMP published the final version of the FedRAMP OMB Memo (“OMB Memo”) on July 26, 2024. The OMB Memo revamps FedRAMP through changes to the authorization paths and continuous monitoring and incident response processes, as well as enhancements through automation. Below are key points to know about each FedRAMP update released this summer.Continue Reading Summer Heat Ramping Up: FedRAMP Releases Final OMB Memo and Announces Update on Roadmap Progress, Automation Site Launch, and the Agile Delivery Pilot Launch

On March 28, 2024, the Office of Management and Budget (“OMB”) issued Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (the “Memo”). This is the final version of a draft memorandum OMB released for public comment on November 1, 2023. The Memo primarily focuses on agency use of AI and outlines minimum practices for managing risks associated with the use of AI in the federal government. The Memo also provides recommendations for managing AI risks in federal procurement of AI that industry should keep in mind, specifically entities developing AI tools to sell to the federal government.Continue Reading Better Safe Than Sorry: OMB Releases Memorandum on Managing AI Risks in the Federal Government

In January 2022, we warned software companies selling indirectly against attempting to enforce the terms of their End User License Agreement (“EULA”) directly against the Federal Government based on the decision of the Civilian Board of Contract Appeals (“CBCA”) in Avue Technologies Corp. Earlier this month, the Federal Circuit gave software companies some hope by vacating the CBCA’s decision. Read on, though, before filing your claim.Continue Reading Finally Invited to the Party? Federal Circuit Opens the Door for Software Companies Selling Through Resellers to Bring a Contract Claim Against the Federal Government

In a previous article, we analyzed what made protests successful at the Government Accountability Office (“GAO”) in Fiscal Year 2023 (“FY23”). Now, we want to share some insights we gained while conducting the same analysis of bid protest decisions at the Court of Federal Claims (“COFC” or the “Court”).Continue Reading What Makes a Successful Protest at the Court of Federal Claims

On January 26, 2024, the Federal Risk and Authorization Management Program (“FedRAMP”) published a draft Emerging Technology Prioritization Framework developed in response to President Biden’s Executive Order 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (previously analyzed by our colleague here and discussed in a flash briefing available here). The Executive Order charged FedRAMP with developing a framework to prioritize Emerging Technologies in the FedRAMP authorization process, starting with generative AI.Continue Reading Emerging AI Landscape: FedRAMP Publishes Draft Emerging Technology Prioritization Framework in Response to Executive Order on Artificial Intelligence

To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the past year) and 2024 Forecast (that previews what we expect to see in 2024). This Recap & Forecast covers the following five high-interest topic areas related to cybersecurity and data protection:Continue Reading Governmental Practice Cybersecurity and Data Protection, 2023 Recap & 2024 Forecast Alert