Achieving Cyber-Fitness in 2017: Part 3—Proving Compliance and the Role of Third-Party Auditors

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352.

The Department of Defense final rule for safeguarding covered defense information requires contractors to implement the security controls in National Institute of Standards and Technology Special Publication 800-171 by December 31. See 81 Fed. Reg. 72986; Chierichella, Bourne and Biancuzzo, Feature Comment, “Achieving Cyber-Fitness In 2017: Part 1—Planning For Compliance,” 59 GC ¶ 25. In enacting the final rule, the drafters created “[n]o new oversight paradigm” or certification requirement. 81 Fed. Reg. 72990. More recently, in response to questions from industry on compliance with NIST SP 800-171, DOD stated,

The rule does not require “certification” of any kind, either by DoD or any other firm professing to provide compliance, assessment, or certification services for DoD or Federal contractors. Nor will DoD give any credence to 3rd party assessments or certifications—by signing the contract, the contractor agrees to comply with the terms of the contract. It is up to the contractor to determine that their systems meet the requirements.

Some companies with limited cybersecurity expertise may choose to seek outside assistance in determining how best to meet and implement the NIST SP 800-171 requirements in their company. But, once the company has implemented the requirements, there is no need to have a separate entity assess or certify that the company is compliant with NIST SP 800-171.

Supreme Court Deals Blow to SEC By Applying Five-Year Statute of Limitations to Disgorgement Remedies in SEC Enforcement Actions

On June 5, 2017, the Supreme Court dealt a significant setback to the Securities and Exchange Commission (“SEC”) by limiting its power to extract ill-gotten profits from securities laws violators. Ruling 9-0 in Kokesh v. S.E.C., No. 16–529, — S. Ct. — (June 5, 2017), the Court held that in SEC enforcement actions, “disgorgement” – a form of restitution in which a defendant must pay back wrongful gains – is subject to a five-year statute of limitations.

Dear Congress: Your District Needs a New E-4 Visa for Promising Entrepreneurs

Procedural History

In August 2016, the Department of Homeland Security proposed an “International Entrepreneur” parole rule that would allow qualifying foreign entrepreneurs to develop and grow their start-up companies in the United States. After public comment, the rule was finalized and released in the closing days of the previous Administration.

Presidential Executive Order on Cybersecurity: No More Antiquated IT

On May 11, President Donald Trump issued his long-awaited Executive Order on cybersecurity, the “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” It had been in the works since early in the administration, and its release had been announced (and drafts leaked) several times, only to be pulled back and reworked further. The Executive Order calls for a government-wide review and analysis of federal information technology infrastructure, including known risks and vulnerabilities, as well as consideration of the U.S.’s cybersecurity capabilities in relation to the rest of the world.

House Armed Services Committee Takes Aim at GSA with Proposed Legislation

On May 18, 2017, House Armed Services Committee Chairman Mac Thornberry introduced H.R. 2511, titled “The Defense Acquisition Streamlining and Transparency Act.” The bill would drastically change how commercial off-the-shelf (“COTS”) products are acquired by the Department of Defense, and could signal the end of the line for the GSA Schedules program. This bill aims to create a more streamlined COTS procurement system. To achieve this goal, the proposed legislation ignores longstanding procurement principles, statutes, and regulations – and even contravenes several stated positions of the Trump administration – to provide an alternative to the General Services Administration (“GSA”) Schedules program the drafters clearly believe is too burdensome, inefficient, and costly.

UPDATE: Congress and Trump Administration Repeal “Blacklisting” Rule, Relieving Contractors from Strict Labor Reporting and Other Requirements

On March 27, 2017, President Donald Trump signed into law a Congressional Review Act (“CRA”) resolution repealing the so-called “blacklisting” rule, which would have imposed strict labor reporting and other requirements upon government contractors. This was followed by an Executive Order (“EO”) signed by President Trump the same day, effectively nullifying President Barack Obama’s Fair Pay and Safe Workplaces EO that first called for the blacklisting rule.

Financial Regulators Take Note: The Supreme Court’s Newest Member is a Tough Taskmaster

On April 10, 2017, Neil Gorsuch was sworn in as the Supreme Court’s 113th justice. While his experience on the Tenth Circuit Court of Appeals with cases involving financial regulation may be limited, certain of his decisions reflect an identifiable hostility towards executive agencies that, in his view, act in excess of the powers accorded them by statutory and constitutional law. These decisions suggest that the High Court’s newest justice will keep a close eye on how financial regulators go about their business.

Defense Contractors to Face New Cost Accounting Oversight with Creation of Defense Cost Accounting Standards Board

Section 820 of the National Defense Authorization Act for Fiscal Year 2017 (“NDAA”) establishes a new Defense Cost Accounting Standards Board (“D-CASB”) to oversee the application of the Cost Accounting Standards (“CAS”) to defense contracts. The amendments made by Section 820 shall take effect on October 1, 2018.

FINRA Updates Its Sanction Guidelines

Earlier this month, FINRA announced changes to its Sanction Guidelines through Notice to Members 17-13. FINRA’s Sanction Guidelines are used by FINRA disciplinary hearing panels to decide what, if any, sanctions to impose in those enforcement actions in which a rule violation is found. FINRA enforcement staff and members of the defense bar utilize the guidelines in settlement negotiations.

Buy American and Hire American – New Executive Order Promises to Put American Workers First, But Practical Impacts Remain Unclear

On April 18, President Trump signed a new executive order (EO) at a ceremony in Kenosha, Wisconsin. The EO is entitled “Buy American and Hire American” and focuses on these two themes, with the President’s stated goal of ending the “theft of American prosperity” by focusing on American workers and products. While the details of how the new EO will be applied will undoubtedly take months to implement (pending numerous agency-level reviews), companies doing business with the federal government, or with an interest in foreign high-skill workers, should be aware of these new developments so that they can prepare for the adjustments they will need to make in the near future, as the President’s efforts to put American workers first take shape.
