
Lauren Weiss is an associate in the Governmental Practice in the firm's Washington, D.C. office. She is also a member of the Privacy and Cybersecurity Team.

We all know that failure to submit your bid proposal on time typically results in rejection. The list of exceptions to this “late is late” rule is very short, with only four notable entries: (1) an offeror has acceptable evidence of government control of a proposal; (2) an offeror can establish a systemic failure of government procedures resulting in multiple instances of lost information; (3) an electronically submitted proposal was received by government infrastructure by 5:00 p.m. one working day prior to the proposal submission date; and (4) there is only one offeror. But what if you submitted your proposal on time and the agency’s server rejected the submission without bothering to inform you? And what if the basis for rejection was an undisclosed limitation within a server on email size? Does such a delay qualify as an exception to the “late is late” rule? The answer depends on which forum you ask.

Continue Reading The Gap Widens Between COFC and GAO on Late is Late Rule

Per Executive Order 14028, Improving the Nation’s Cybersecurity, the Office of Management and Budget (OMB) issued a memorandum on September 14, 2022, requiring federal agencies to use only software from software producers that attest to compliance with secure software development guidance issued by the National Institute of Standards and Technology (NIST).

Continue Reading Federal Government Outlines New Security and Attestation Requirements for Software

On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.

Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance