
Jonathan Meyer is a partner in the Government Contracts, Investigations and International Trade Practice Group in the firm's Washington, D.C. office.

Legislation directing the National Institute of Standards and Technology (“NIST”) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors recently passed the Senate and is heading to the President’s desk. We have been following this legislation closely for the past two years, here and here. The bill passed in the Senate without amendment by unanimous consent.
Continue Reading IoT Legislation Passes Congress

After many years of being in draft form, NIST recently released its final version of Revision 5 of Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations to address a need for a more proactive and systematic approach to cybersecurity. With the release of Revision 5, NIST hopes to provide updated security and privacy controls that will make information systems more penetration resistant, limit damages from cyber-attacks, make systems more cyber-resilient, and protect individuals’ privacy. NIST intends this update to be usable by a more diverse set of consumer groups than previous iterations of the document permitted.
Continue Reading NIST Issues Long-Awaited Final Guidance on Security and Privacy Controls – SP 800-53

Congress recently advanced legislation that directs the National Institute of Standards and Technology (NIST) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors. We previously reported on this legislation in April of 2019 when it was introduced in the House (H.R. 1668) and the Senate (S. 734). On September 14, 2020, the House of Representatives passed the legislation on a voice vote.
Continue Reading IoT Legislation Advances in Congress

NIST’s new draft guidance, Special Publication 800-53B, Control Baselines for Information Systems and Organizations, provides important information on selecting both security and privacy control baselines for the Federal Government. These control baselines are from NIST Special Publication 800-53 and have been moved to this separate publication “so the SP 800-53 [can] serve as a consolidated catalog of security and privacy controls regardless of how those controls [are] used by different communities of interest.” The new guidance addresses federal information systems and is applicable to information systems used or operated by an agency, a contractor on behalf of an agency, or another organization on behalf of an agency.
Continue Reading NIST Issues Draft Guidance on Security and Privacy Control Baselines – SP 800-53B

NIST recently released the final public draft of SP 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171 (formerly Draft NIST SP 800-171B). NIST is proposing additional security requirements for certain CUI in non-federal systems that is associated with critical programs or high value assets and is soliciting public comments through August 21, 2020.
Continue Reading NIST Proposes Draft Enhanced Security Requirements for Protecting CUI

On March 25, 2020, the Senate passed a $2 trillion stimulus bill “[p]roviding emergency assistance and healthcare response for individuals, families and businesses affected by the 2020 coronavirus pandemic.” The House and the President are both expected to approve the Bill in short order. The Bill contains many provisions important to all companies, including government contractors. Sheppard Mullin’s Government Contracts, Investigations and International Trade Practice Group prepared a summary of the Bill, available here. In addition, for your reference, we are providing a section-by-section analysis from Capitol Hill, as well as the text of the bill itself. Do not hesitate to contact us with any questions about the legislation or its implementation.
Continue Reading Key Provisions in the Senate Stimulus Bill

On January 30, 2020, the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year.  
Continue Reading CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity

At the end of 2019, the Department of Defense (“DoD”) took another step to limit the potential cyber risks posed by telecommunications equipment manufactured by Chinese companies (and potentially Russian
Continue Reading DoD’s Squeeze of Chinese Telecom Equipment Continues

On November 6, 2019, the Department of Homeland Security (“DHS”), Cybersecurity & Infrastructure Security Agency (“CISA”) released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber
Continue Reading CISA Releases “Cyber Essentials” to Assist Small Businesses

On September 9, 2019, the U.S. General Services Administration (“GSA”) announced it would be issuing a mass modification (expected sometime this month)[1] requiring all new and existing GSA Multiple Award Schedule (“MAS”) contracts to include two new clauses. The new clauses come in response to Section 889 of the FY2019 National Defense Authorization Act (“NDAA”), and recently implemented FAR provisions, which impose prohibitions relating to the procurement of certain Chinese telecommunications equipment and services (which we have previously discussed here and here). The two clauses to be added to all MAS contracts are:

  • FAR 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2019)
  • GSAR 552.204-70, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2019)


Continue Reading GSA Implements Restrictions on Certain Chinese-Made Telecommunications Services and Equipment