The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October 17, 2022.
Organizational Conflicts of Interest – Part 1: A Refresher on OCIs
You might be wondering, “What’s so important about Organizational Conflicts of Interest (“OCIs”)?” The answer is fairly simple: understanding both what causes OCIs and how to mitigate them are critical because unmitigated OCIs can preclude a contractor from (1) competing for future contract work, (2) performing certain tasks under existing contracts, (3) transferring personnel between company organizations, (4) hiring personnel, (5) teaming with certain vendors, and/or (6) entering into certain corporate transactions. Moreover, undisclosed or unmitigated OCIs can create risk of liability under the False Claims Act. In this Part 1 of a three part series, we offer a summary of what creates OCIs and general mitigation strategies. In Part 2, we will detail how OCIs arise in protests, and in Part 3, we will address the risks of False Claims Act liability arising from undisclosed OCIs.
Continue Reading Organizational Conflicts of Interest – Part 1: A Refresher on OCIs
Software Companies Beware: Board Holds Subcontractor Cannot Enforce EULA Directly Against Federal Government
Software companies selling indirectly to the Federal Government finally received an answer to a question that has lingered for years – can a software company going to market through a reseller bring a direct claim under the Contract Disputes Act (“CDA”) against the Federal Government for violating a term of the software company’s End User License Agreement? Sadly, the answer is “no.”
Continue Reading Software Companies Beware: Board Holds Subcontractor Cannot Enforce EULA Directly Against Federal Government
Executive Order 14042 – Update 12.0: U.S. District Court Issues Nationwide Injunction
Federal contractors and subcontractors across the country were forced to rethink their COVID-safety efforts when, on December 7, the U.S. District Court for the Southern District of Georgia enjoined enforcement
Continue Reading Executive Order 14042 – Update 12.0: U.S. District Court Issues Nationwide Injunction
What We Know And Don’t About The Federal Court Order Enjoining EO 14042
In news that will be of interest to every federal contractor, including large and small businesses, universities, banks, and the health care industry, Executive Order 14042 (along with the related
Continue Reading What We Know And Don’t About The Federal Court Order Enjoining EO 14042
Seeking HoNIST Opinions, Part II – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices and Software Guidelines Mandated By Cybersecurity Executive Order
The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October 28, 2021. We previously discussed the release of the first draft here. The public comment period currently is open and concludes on December 3, 2021. NIST anticipates releasing a final version during the third quarter of 2022.
Double Time – NIST Seeks Comments on Major Revision to Practices for Developing Cyber-Resilient Systems (SP 800-160) and Assessing Security and Privacy Controls in Information Systems and Organizations (SP 800-53A)
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-160, Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach,” and draft NIST SP 800-53A, Revision 5, “Assessing Security and Privacy Controls in Information Systems and Organizations.” The public comment periods currently are open and conclude on September 20, 2021 and October 1, 2021, respectively.
Continue Reading Double Time – NIST Seeks Comments on Major Revision to Practices for Developing Cyber-Resilient Systems (SP 800-160) and Assessing Security and Privacy Controls in Information Systems and Organizations (SP 800-53A)
Watch Your Boundaries – FedRAMP Releases Draft Authorization Boundary Guidance for Public Comment
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13, 2021.
Continue Reading Watch Your Boundaries – FedRAMP Releases Draft Authorization Boundary Guidance for Public Comment
Seeking HoNIST Opinions – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161) and Provides Further Software Supply Chain Guidance
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on April 29, 2021. The public comment period currently is open and concludes on June 14, 2021. NIST anticipates releasing a second draft in September 2021, with a final version anticipated to be released by April 2022.
Continue Reading Seeking HoNIST Opinions – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161) and Provides Further Software Supply Chain Guidance
Key Provisions You Should Know From FY 2021 NDAA
On January 1, 2021, Congress overrode President Trump’s veto of the Fiscal Year (“FY”) 2021 National Defense Authorization Act (“NDAA”) (the “Act”), Pub. L. No. 116-283. The $740 billion defense
Continue Reading Key Provisions You Should Know From FY 2021 NDAA