Daniel J. Alvarado is an associate in the Governmental Practice in the firm's Washington, D.C. office.

While you were asking ChatGPT to create a 3-course menu for the upcoming book club you’re hosting or to explain the Rule Against Perpetuities, several federal government agencies announced initiatives related to the use of artificial intelligence (AI) and automated systems, focusing on the potential threats stemming from the misuse of this powerful technology. As the development and use of AI becomes integrated into our daily lives and employee work routines, and companies begin to leverage such technology in their solutions provided to the government, it is important to understand the developing federal government compliance infrastructure and the potential risks stemming from the misuse of AI and automated systems.

Continue Reading ChatUSG: What Companies Doing Business with the Government Need to Know About Artificial Intelligence

The Federal Risk and Authorization Management Program (FedRAMP) Program Management Office recently released a revised version of its Obligations and Compliance Standards document for third-party assessors (3PAOs) – the organizations that conduct reviews and enable security authorizations for cloud service offerings to the federal government. The revised document seeks to further define the performance and compliance expectations for 3PAOs and incorporates changes stemming from the FedRAMP Authorization Act, which was enacted as part of the Fiscal Year 2023 National Defense Authorization Act and codified FedRAMP. The revisions reflect recent trends in cyber and supply chain security, focusing on identifying potential foreign influence and enhancing transparency with respect to the activities conducted by the third-party assessors.

Continue Reading Reassessed: FedRAMP Releases Revised Obligations and Standards for Cybersecurity Assessors

The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October 17, 2022.

Continue Reading Third Time’s The Charm – FedRAMP Releases Draft Authorization Boundary Guidance Version 3 for Public Comment

You might be wondering, “What’s so important about Organizational Conflicts of Interest (“OCIs”)?” The answer is fairly simple: understanding both what causes OCIs and how to mitigate them is critical because unmitigated OCIs can preclude a contractor from (1) competing for future contract work, (2) performing certain tasks under existing contracts, (3) transferring personnel between company organizations, (4) hiring personnel, (5) teaming with certain vendors, and/or (6) entering into certain corporate transactions. Moreover, undisclosed or unmitigated OCIs can create risk of liability under the False Claims Act. In this Part 1 of a three-part series, we offer a summary of what creates OCIs and general mitigation strategies. In Part 2, we will detail how OCIs arise in protests, and in Part 3, we will address the risks of False Claims Act liability arising from undisclosed OCIs.

Continue Reading Organizational Conflicts of Interest – Part 1: A Refresher on OCIs

Software companies selling indirectly to the Federal Government finally received an answer to a question that has lingered for years – can a software company going to market through a reseller bring a direct claim under the Contract Disputes Act (“CDA”) against the Federal Government for violating a term of the software company’s End User License Agreement? Sadly, the answer is “no.”

Continue Reading Software Companies Beware: Board Holds Subcontractor Cannot Enforce EULA Directly Against Federal Government

Federal contractors and subcontractors across the country were forced to rethink their COVID-safety efforts when, on December 7, the U.S. District Court for the Southern District of Georgia enjoined enforcement

Continue Reading Executive Order 14042 – Update 12.0: U.S. District Court Issues Nationwide Injunction

In news that will be of interest to every federal contractor, including large and small businesses, universities, banks, and the health care industry, Executive Order 14042 (along with the related

Continue Reading What We Know And Don’t About The Federal Court Order Enjoining EO 14042

The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October 28, 2021. We previously discussed the release of the first draft here. The public comment period currently is open and concludes on December 3, 2021. NIST anticipates releasing a final version during the third quarter of 2022.


Continue Reading Seeking HoNIST Opinions, Part II – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices and Software Guidelines Mandated By Cybersecurity Executive Order

The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-160, Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach,” and draft NIST SP 800-53A, Revision 5, “Assessing Security and Privacy Controls in Information Systems and Organizations.” The public comment periods currently are open and conclude on September 20, 2021 and October 1, 2021, respectively.

Continue Reading Double Time – NIST Seeks Comments on Major Revision to Practices for Developing Cyber-Resilient Systems (SP 800-160) and Assessing Security and Privacy Controls in Information Systems and Organizations (SP 800-53A)

The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13, 2021.

Continue Reading Watch Your Boundaries – FedRAMP Releases Draft Authorization Boundary Guidance for Public Comment

The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on April 29, 2021. The public comment period currently is open and concludes on June 14, 2021. NIST anticipates releasing a second draft in September 2021, with a final version anticipated to be released by April 2022.

Continue Reading Seeking HoNIST Opinions – NIST Invites Comments on Major Revision to Cyber Supply Chain Risk Management Practices for Systems and Organizations (SP 800-161) and Provides Further Software Supply Chain Guidance