Photo of Nikole Snyder

Nikole Snyder is an associate in the Governmental Practice in the firm's Washington, D.C. office. She is a lead associate of the firm’s Government Business Group.

Federal contractors and subcontractors across the country were forced to rethink their COVID-safety efforts when, on December 7, the U.S. District Court for the Southern District of Georgia enjoined enforcement
Continue Reading Executive Order 14042 – Update 12.0: U.S. District Court Issues Nationwide Injunction

In news that will be of interest to every federal contractor, including large and small businesses, universities, banks, and the health care industry, Executive Order 14042 (along with the related
Continue Reading What We Know And Don’t About The Federal Court Order Enjoining EO 14042

On November 4, 2021, the Department of Defense (“DOD”) announced several changes to the Cybersecurity Maturity Model Certification (“CMMC”) program – the program that DOD intends to use to enhance the security of the defense industrial base through assessments and third-party cybersecurity certifications.[1] The new version of the program – “CMMC 2.0” – is a result of DOD’s internal review of the CMMC program implemented thus far (“CMMC 1.0”), which began following the release of an interim rule in September 2020, and included review of over 850 public comments. DOD intends to engage in additional rulemaking to refine and finalize CMMC 2.0. Although the overall goal of the program remains focused on safeguarding sensitive unclassified information, CMMC 2.0 includes several important differences from the original program, as discussed in greater detail below.
Continue Reading DOD Updates Its Cybersecurity Certification Program – CMMC 2.0: What Contractors Need to Know

On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.
Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance

On September 9, 2021, President Biden signed an Executive Order (EO) to implement COVID safety protocols for Federal service contractors. While the EO did not identify specific safety protocols, it did direct a Federal task force (the “Safer Federal Workforce Task Force,” created by Executive Order in January 2021) to issue COVID-19-related workplace safety guidance for prime contractors and subcontractors in the near future. Specifically, the Task Force is charged with issuing contractor guidance by September 24, 2021, including definitions of relevant terms, specific workplace safety protocols, and applicable exceptions.
Continue Reading COVID-19 Oversight and Enforcement: President Biden’s COVID Executive Order

As called for in the May 12, 2021 Cybersecurity Executive Order (“EO”) released by the Biden Administration (discussed here), NIST met its deadline to release a definition of “critical software” within 45 days of the date of the Order.  The determination of what constitutes “critical software” is a key step in the process set forth in the Order for securing the software supply chain, which will culminate sometime next year in new Federal Acquisition Regulations for contractors that supply software.
Continue Reading Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order

In February 2021, President Biden issued Executive Order 14017, “Executive Order on America’s Supply Chains” (discussed here), requiring (among other things) a report within 100-days requiring key government agencies to assess vulnerabilities and consider potential improvements to supply chains in four critical industries – (i) semiconductor manufacturing; (ii) high capacity batteries; (iii) rare earth elements; and (iv) pharmaceuticals.
Continue Reading At a Glance: White House 100-Day Supply Chain Report

On May 12, 2021, the Biden Administration issued its much anticipated “Executive Order on Improving the Nation’s Cybersecurity.” Below are provisions we believe will be of most interest to contractors, as well as any company that provides information technology (“IT”) and operational technology (“OT”) services, cloud computing, software, or internet of things (“IoT”) technology, as the new regulations and standards called for in the Order are likely to have an impact beyond government contractors.
Continue Reading Biden’s Cybersecurity Executive Order

On February 24, 2021, President Biden signed Executive Order 14017, “Executive Order on America’s Supply Chains,” requiring a review of global supply chains that support key U.S. industries in an attempt to improve supply chain security for the U.S. government and U.S. companies. The new Executive Order appears to be an initial step focused on information gathering. Comprehensive reforms and supply chain strategies are likely to follow once the White House has collected key information.
Continue Reading Finding the Weak Links – President Biden Executive Order Demands Review of Critical U.S. Supply Chains