Photo of Lillia Damalouji

Lillia Damalouji is an associate in Sheppard Mullin’s Washington, D.C. office where she is a member of the firm’s Governmental Practice. Lillia is also a member of the firm’s Cybersecurity Team, Supply Chain Team, Commercial Products and Services Team, and the Government Business Group.

One forum to raise a protest against the award of a contract is at the agency responsible for the procurement, pursuant to the procedures set forth in Federal Acquisition Regulation (“FAR”) 33.103. The procedures require that a protester submit a protest to the agency that details the legal and factual grounds for the protest; describes the resulting prejudice to the protester; establishes that the protester is an interested party; requests a ruling by the agency; demonstrates timeliness; and includes a request for relief.Continue Reading Government Contractors Beware: The Trap of the Unintended Agency-Level Protest and Timeliness Implications

On April 1, 2024, the FAR Council published a new Final Rule that establishes FAR Part 40 – but without any new provisions of substance. This Final Rule becomes effective on May 1, 2024. Subsequently, the FAR Council published a Request for Information (“RFI”) on April 10, 2024. The RFI seeks feedback on the scope and organization of FAR Part 40 and is open for comment until June 10, 2024.Continue Reading Not an April Fools Joke – FAR Part 40 Final Rule Has Been Published

On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Office of Management and Budget (“OMB”) released the highly-anticipated Secure Software Development Attestation Form (also known as the “Common Form”) and on March 18, 2024 CISA’s repository for the forms went live.Continue Reading CISA Opens Repository for Submission of Software Security Attestation Forms

To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the past year) and 2024 Forecast (that previews what we expect to see in 2024). This Recap & Forecast covers the following five high-interest topic areas related to cybersecurity and data protection:Continue Reading Governmental Practice Cybersecurity and Data Protection, 2023 Recap & 2024 Forecast Alert

Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing requirements that apply to Government contractors. This is the third article in a multi-part series on the Federal Acquisition Regulation (“FAR”) Cost Principles applicable to contracts with commercial organizations. The first article in the series addressed the criteria for determining the allowability of costs. The second addressed the allocation of direct and indirect costs. This Cost Corner focuses accounting for unallowable costs. The applicable Cost Principle is FAR 31.201-6, Accounting for Unallowable Costs. Among other requirements, FAR 31.201-6 incorporates by reference the practices for accounting for, and presentation of, unallowable costs provided in Cost Accounting Standard (“CAS”) 405, also titled “Accounting for Unallowable Costs.” We will address both the FAR and the CAS requirements.Continue Reading Government Contracts Cost and Pricing: Accounting for Unallowable Costs

Since our last Bid Protest Hub article in November, the Government Accountability Office (“GAO”) has published 37 bid protest decisions, two of which have resulted in decisions sustaining the protester’s challenge. As we enter into the new year, it remains critical for government contractors to understand what issues win at the GAO and why. Below, we cover a few important GAO decisions you should know from December 2023.Continue Reading Bid Protest Hub – December 2023

The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional comments through December 18, 2023. This is an important opportunity for software producers (and others) to provide input that will help shape the future of software supply chain regulations. At a time when the federal government is struggling to harmonize myriad rules on cybersecurity and supply chain, recommendations from industry will be key.Continue Reading Update: CISA Seeks Additional Input from Software Providers on Security Attestation Form

On October 3, 2023, the FAR Council released two long-awaited proposed rules for federal contractor cybersecurity stemming from the Biden Administration’s Cybersecurity Executive Order from May 2021 (Executive Order 14028). The proposed rules relate to Cyber Threat and Incident Reporting and Information Sharing (FAR Case 2021-017) and Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems (FAR Case 2021-019). The comment period for both rules is currently open and is scheduled to close on December 4, 2023.Continue Reading Two New Cybersecurity Proposed Rules Mean Big Changes for Federal Contractors

The origination of Other Transaction Agreements (OTAs) traces back to the October 1957 launch of Sputnik I by the Soviet Union and the subsequent Space Race. Congress created the National Aeronautics and Space Administration (“NASA”) to quickly design and build new space technology. Following the creation of NASA, Congress granted the agency broad authority to “enter into and perform such contracts, leases, cooperative agreements, or other transactions as may be necessary” to carry out its mission. National Aeronautics and Space Act of 1958, Pub. L. No. 85-568, Section 203(5).Continue Reading Challenging Other Transaction Agreements – Navigating the Jurisdictional Highway

On July 18, 2023, the Biden Administration announced the launch of the long-awaited cybersecurity labeling program, called the “U.S. Cyber Trust Mark,” aimed at providing consumers with a better understanding of the cybersecurity of the products they use daily. This labeling program seeks to enhance transparency and competition in the Internet of Things (“IoT”) device space, to “help differentiate trustworthy products in the marketplace,” and to incentivize manufacturers to meet higher cybersecurity standards.Continue Reading Cybersecurity Labeling is (Almost) Here! Biden Administration Announces the U.S. Cyber Trust Mark Program