Photo of Nikole Snyder

Nikole Snyder is an associate in the Government Contracts, Investigations and International Trade Practice Group in the firm's Washington, D.C. office.

As called for in the May 12, 2021 Cybersecurity Executive Order (“EO”) released by the Biden Administration (discussed here), NIST met its deadline to release a definition of “critical software” within 45 days of the date of the Order.  The determination of what constitutes “critical software” is a key step in the process set forth in the Order for securing the software supply chain, which will culminate sometime next year in new Federal Acquisition Regulations for contractors that supply software.

Continue Reading Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order

In February 2021, President Biden issued Executive Order 14017, “Executive Order on America’s Supply Chains” (discussed here), requiring (among other things) a report within 100-days requiring key government agencies to assess vulnerabilities and consider potential improvements to supply chains in four critical industries – (i) semiconductor manufacturing; (ii) high capacity batteries; (iii) rare earth elements; and (iv) pharmaceuticals.

Continue Reading At a Glance: White House 100-Day Supply Chain Report

On May 12, 2021, the Biden Administration issued its much anticipated “Executive Order on Improving the Nation’s Cybersecurity.” Below are provisions we believe will be of most interest to contractors, as well as any company that provides information technology (“IT”) and operational technology (“OT”) services, cloud computing, software, or internet of things (“IoT”) technology, as the new regulations and standards called for in the Order are likely to have an impact beyond government contractors.
Continue Reading Biden’s Cybersecurity Executive Order

On February 24, 2021, President Biden signed Executive Order 14017, “Executive Order on America’s Supply Chains,” requiring a review of global supply chains that support key U.S. industries in an attempt to improve supply chain security for the U.S. government and U.S. companies. The new Executive Order appears to be an initial step focused on information gathering. Comprehensive reforms and supply chain strategies are likely to follow once the White House has collected key information.
Continue Reading Finding the Weak Links – President Biden Executive Order Demands Review of Critical U.S. Supply Chains

On December 21, 2020, the Department of Defense (“DoD”) published a final rule in the Federal Register that codifies the National Industrial Security Program Operating Manual (“NISPOM”) in the Code of Federal Regulations (“CFR”) at 32 CFR part 117. The rule will become effective on February 24, 2021, giving contractors six months from the effective date to comply with the changes. Comments on the proposed change are due by February 19, 2021.[1]
Continue Reading The NISPOM is Becoming a Regulation & Contractors Have Six Months to Comply

At long last, the Department of Defense (“DoD”) has provided its interim rule, published in the Federal Register on September 29, 2020, amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to set forth requirements for the Cybersecurity Maturity Model Certification (“CMMC”) program, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.”  The interim rule is effective November 30, 2020, and comments to the interim rule should be submitted by November 30 as well.  Continue reading for our breakdown of key provisions.
Continue Reading DoD’s Long Awaited Rule on CMMC – Plus a New Cybersecurity Assessment Methodology for Contractors to Start Right Now

On September 10, 2020, the General Services Administration (“GSA”) hosted a webinar related to its implementation of Section 889 of the 2019 NDAA – the ban relating to certain Chinese telecom companies – and associated updated FAR clauses.  (We previously have written about Section 889 here, here, here, and here).  Below we provide highlights from the meeting.  Slides presented at the meeting also are available here.
Continue Reading GSA’s Take on Implementation of Section 889

On July 14, 2020 the Department of Defense (“DoD”), General Services Administration (“GSA”), and the National Aeronautics and Space Administration (“NASA”) published an Interim Rule amending the Federal Acquisition Regulation (“FAR”) in order to implement Section 889(a)(1)(B) of the FY 2019 National Defense Authorization Act (“NDAA”).[1] The Interim Rule is effective August 13, 2020, and applies to all solicitations issued after (or resulting in contracts that will be awarded after) the effective date. Interested parties have until September 14, 2020 to submit written comments for consideration in the formation of the Final Rule.
Continue Reading Interim Rule Confirms Section 889 Part B Restriction on Contractor Use of Chinese Telecom Will Go Into Effect August 2020

A lot has happened since the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (CMMC) v. 1.0 back in February (see our prior discussion here).  In addition to developments with the CMMC Accreditation Body (“CMMC AB”), DOD has clarified applicability of the program to Commercially available off-the-shelf (“COTS”) providers and the impact of COVID-19 on program implementation.     
Continue Reading DOD CMMC Update – Third Party Auditors Gear Up and COTS Providers Get a Pass

On January 30, 2020, the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year.  
Continue Reading CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity