Anyone who has been closely following the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program knows the effort has experienced a fair number of complications and delays. For
Continue Reading Updated Timeline for CMMC Implementation
On March 8, 2022, just five months after the creation of the Department of Justice’s (“DOJ”) new Civil Cyber-Fraud Initiative (previously discussed here), the DOJ announced its first settlement of a cyber-related fraud case. Under the settlement agreement, Comprehensive Health Services LLC (“CHS”) will pay $930,000 to resolve whistleblower allegations that it violated the False Claims Act by (among other things) failing to properly store and handle confidential information. This likely is just the start for increased cyber-related enforcement actions.
Just when you didn’t think things could get any weirder, on Friday, January 21, 2022, the U.S. District Court for the Southern District of Georgia issued a ruling clarifying its prior EO 14042 injunction (currently on appeal to the 11th Circuit, and discussed previously here) by refusing to clarify the injunction. Yes, you read that right. Let us explain.
Continue Reading Executive Order 14042 – Update 15.0: U.S. District Court “Clarifies” Its Injunction Applies Only To The Vaccine Mandate
On January 13, 2022, the Supreme Court reinstated the nationwide injunction of the Occupational Safety and Health Administration’s (OSHA) COVID-19 Emergency Temporary Standard (ETS). (Technically, the Court overturned the Sixth Circuit’s decision dissolving the 5th Circuit’s injunction, discussed in the OSHA Emergency Temporary Standard Survival Guide.) This means the OSHA ETS is no longer in force, and businesses, regardless of size, need not comply with the OSHA ETS vaccine/test mandate.
Continue Reading Supreme Court Enjoins OSHA Emergency Temporary Standard; Keeps CMS Rule Alive
Federal contractors and subcontractors across the country were forced to rethink their COVID-safety efforts when, on December 7, the U.S. District Court for the Southern District of Georgia enjoined enforcement
Continue Reading Executive Order 14042 – Update 12.0: U.S. District Court Issues Nationwide Injunction
In news that will be of interest to every federal contractor, including large and small businesses, universities, banks, and the health care industry, Executive Order 14042 (along with the related
Continue Reading What We Know And Don’t About The Federal Court Order Enjoining EO 14042
On November 4, 2021, the Department of Defense (“DOD”) announced several changes to the Cybersecurity Maturity Model Certification (“CMMC”) program – the program that DOD intends to use to enhance the security of the defense industrial base through assessments and third-party cybersecurity certifications.[1] The new version of the program – “CMMC 2.0” – is a result of DOD’s internal review of the CMMC program implemented thus far (“CMMC 1.0”), which began following the release of an interim rule in September 2020, and included review of over 850 public comments. DOD intends to engage in additional rulemaking to refine and finalize CMMC 2.0. Although the overall goal of the program remains focused on safeguarding sensitive unclassified information, CMMC 2.0 includes several important differences from the original program, as discussed in greater detail below.
Continue Reading DOD Updates Its Cybersecurity Certification Program – CMMC 2.0: What Contractors Need to Know
On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.
Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance
On September 9, 2021, the President issued Executive Order 14042, which applies new rules – including vaccination mandates – to Federal contractors and subcontractors. This rule is different and
Continue Reading Executive Order 14042 Survival Guide
On September 9, 2021, President Biden signed an Executive Order (EO) to implement COVID safety protocols for Federal service contractors. While the EO did not identify specific safety protocols, it did direct a Federal task force (the “Safer Federal Workforce Task Force,” created by Executive Order in January 2021) to issue COVID-19-related workplace safety guidance for prime contractors and subcontractors in the near future. Specifically, the Task Force is charged with issuing contractor guidance by September 24, 2021, including definitions of relevant terms, specific workplace safety protocols, and applicable exceptions.
Continue Reading COVID-19 Oversight and Enforcement: President Biden’s COVID Executive Order
As called for in the May 12, 2021 Cybersecurity Executive Order (“EO”) released by the Biden Administration (discussed here), NIST met its deadline to release a definition of “critical software” within 45 days of the date of the Order. The determination of what constitutes “critical software” is a key step in the process set forth in the Order for securing the software supply chain, which will culminate sometime next year in new Federal Acquisition Regulations for contractors that supply software.
Continue Reading Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order