Photo of Lillia Damalouji

Lillia Damalouji is an associate in Sheppard Mullin’s Washington, D.C. office where she is a member of the firm’s Governmental Practice. Lillia is also a member of the firm’s Cybersecurity Team, Supply Chain Team, Commercial Products and Services Team, and the Government Business Group.

On March 1, 2023, the U.S. Department of Defense (“DoD”) adopted, without change, Defense Federal Acquisition Regulation Supplement (“DFARS”) Case No. 2022-D010, Employment Transparency Regarding Individuals Who Perform Work in the People’s Republic of China (88 Fed. Reg. 12861), updating provisions at DFARS 225.7021 and adding contract clauses at 252.225-7057 and 252.225-7058. This latest DFARS rule reflects a shifting regulatory landscape aimed at increasing transparency and oversight of U.S. transactions involving China.Continue Reading Continuing Skepticism on China: Final Rule Requires Disclosure of Defense Contractor Personnel in China

Effective August 25, 2022, the U.S. Department of Defense (“DoD”) has issued two new changes to the Defense Federal Acquisition Regulation Supplement (“DFARS”) reinforcing national defense priorities that limit DoD

Continue Reading In the Interest of National Security – Two New DFARS Rules Reinforce Increased Scrutiny For Chinese-Origin Supply Chains

On July 19, 2022, the National Institute of Standards and Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback on improving its Controlled Unclassified Information (CUI) series of publications. The comment period currently is open and scheduled to close on September 16, 2022Continue Reading NIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI) Guidelines

On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.
Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance