Photo of Lillia Damalouji

Lillia Damalouji is an associate in Sheppard Mullin’s Washington, D.C. office where she is a member of the firm’s Governmental Practice. Lillia is also a member of the firm’s Cybersecurity Team, Supply Chain Team, Commercial Products and Services Team, and the Government Business Group.

On October 3, 2023, the FAR Council released two long-awaited proposed rules for federal contractor cybersecurity stemming from the Biden Administration’s Cybersecurity Executive Order from May 2021 (Executive Order 14028). The proposed rules relate to Cyber Threat and Incident Reporting and Information Sharing (FAR Case 2021-017) and Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems (FAR Case 2021-019). The comment period for both rules is currently open and is scheduled to close on December 4, 2023.Continue Reading Two New Cybersecurity Proposed Rules Mean Big Changes for Federal Contractors

The origination of Other Transaction Agreements (OTAs) traces back to the October 1957 launch of Sputnik I by the Soviet Union and the subsequent Space Race. Congress created the National Aeronautics and Space Administration (“NASA”) to quickly design and build new space technology. Following the creation of NASA, Congress granted the agency broad authority to “enter into and perform such contracts, leases, cooperative agreements, or other transactions as may be necessary” to carry out its mission. National Aeronautics and Space Act of 1958, Pub. L. No. 85-568, Section 203(5).Continue Reading Challenging Other Transaction Agreements – Navigating the Jurisdictional Highway

On July 18, 2023, the Biden Administration announced the launch of the long-awaited cybersecurity labeling program, called the “U.S. Cyber Trust Mark,” aimed at providing consumers with a better understanding of the cybersecurity of the products they use daily. This labeling program seeks to enhance transparency and competition in the Internet of Things (“IoT”) device space, to “help differentiate trustworthy products in the marketplace,” and to incentivize manufacturers to meet higher cybersecurity standards.Continue Reading Cybersecurity Labeling is (Almost) Here! Biden Administration Announces the U.S. Cyber Trust Mark Program

On March 1, 2023, the U.S. Department of Defense (“DoD”) adopted, without change, Defense Federal Acquisition Regulation Supplement (“DFARS”) Case No. 2022-D010, Employment Transparency Regarding Individuals Who Perform Work in the People’s Republic of China (88 Fed. Reg. 12861), updating provisions at DFARS 225.7021 and adding contract clauses at 252.225-7057 and 252.225-7058. This latest DFARS rule reflects a shifting regulatory landscape aimed at increasing transparency and oversight of U.S. transactions involving China.Continue Reading Continuing Skepticism on China: Final Rule Requires Disclosure of Defense Contractor Personnel in China

Effective August 25, 2022, the U.S. Department of Defense (“DoD”) has issued two new changes to the Defense Federal Acquisition Regulation Supplement (“DFARS”) reinforcing national defense priorities that limit DoD

Continue Reading In the Interest of National Security – Two New DFARS Rules Reinforce Increased Scrutiny For Chinese-Origin Supply Chains

On July 19, 2022, the National Institute of Standards and Technology (NIST) released a Pre-Draft Call for Comments, seeking feedback on improving its Controlled Unclassified Information (CUI) series of publications. The comment period currently is open and scheduled to close on September 16, 2022Continue Reading NIST Wants Your Input – Updating NIST’s Controlled Unclassified Information (CUI) Guidelines

On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.
Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance

The Office of Management and Budget (“OMB”) released its draft Federal Zero Trust Strategy under President Biden’s Executive Order on Improving the Nation’s Cybersecurity (No. 14028) (discussed previously here and
Continue Reading Moving to Zero Trust – CISA and OMB Seek Comments on Zero Trust Publications and Cloud Security Technical Reference Architecture under Cybersecurity Executive Order