On March 1, 2023, the U.S. Department of Defense (“DoD”) adopted, without change, Defense Federal Acquisition Regulation Supplement (“DFARS”) Case No. 2022-D010, Employment Transparency Regarding Individuals Who Perform Work in the People’s Republic of China (88 Fed. Reg. 12861), updating provisions at DFARS 225.7021 and adding contract clauses at 252.225-7057 and 252.225-7058. This latest DFARS rule reflects a shifting regulatory landscape aimed at increasing transparency and oversight of U.S. transactions involving China.Continue Reading Continuing Skepticism on China: Final Rule Requires Disclosure of Defense Contractor Personnel in China
Lillia Damalouji
Lillia Damalouji is an associate in Sheppard Mullin’s Washington, D.C. office where she is a member of the firm’s Governmental Practice. Lillia is also a member of the firm’s Cybersecurity Team, Supply Chain Team, Commercial Products and Services Team, and the Government Business Group.
In the Interest of National Security – Two New DFARS Rules Reinforce Increased Scrutiny For Chinese-Origin Supply Chains
Effective August 25, 2022, the U.S. Department of Defense (“DoD”) has issued two new changes to the Defense Federal Acquisition Regulation Supplement (“DFARS”) reinforcing national defense priorities that limit DoD…
Continue Reading In the Interest of National Security – Two New DFARS Rules Reinforce Increased Scrutiny For Chinese-Origin Supply ChainsNIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI) Guidelines
On July 19, 2022, the National Institute of Standards and Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback on improving its Controlled Unclassified Information (CUI) series of publications. The comment period currently is open and scheduled to close on September 16, 2022. Continue Reading NIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI) Guidelines
DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance
On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.
Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance
Moving to Zero Trust – CISA and OMB Seek Comments on Zero Trust Publications and Cloud Security Technical Reference Architecture under Cybersecurity Executive Order
The Office of Management and Budget (“OMB”) released its draft Federal Zero Trust Strategy under President Biden’s Executive Order on Improving the Nation’s Cybersecurity (No. 14028) (discussed previously here and…
Continue Reading Moving to Zero Trust – CISA and OMB Seek Comments on Zero Trust Publications and Cloud Security Technical Reference Architecture under Cybersecurity Executive Order
Watch Your Boundaries – FedRAMP Releases Draft Authorization Boundary Guidance for Public Comment
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13, 2021.
Continue Reading Watch Your Boundaries – FedRAMP Releases Draft Authorization Boundary Guidance for Public Comment