The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional comments through December 18, 2023. This is an important opportunity for software producers (and others) to provide input that will help shape the future of software supply chain regulations. At a time when the federal government is struggling to harmonize myriad rules on cybersecurity and supply chain, recommendations from industry will be key.Continue Reading Update: CISA Seeks Additional Input from Software Providers on Security Attestation Form

Since the beginning of Fiscal Year 2024, the Government Accountability Office has published 35 decisions, but only two of which resulted in decisions sustaining the challenge. As contracting activities are busy awarding new contracts, it is important to follow the trends related to successful and effective protests as you consider filing your own bid protest, or as you defend your award as an intervenor. Below we dive into recent bid protest decisions and identify what won, what did not win, and why.Continue Reading Bid Protest Hub – November 2023

On November 6, 2023, the Centers for Medicare and Medicaid Services (“CMS”) released the contract year 2025 proposed rule for Medicare Advantage (“MA”) organizations and Part D sponsors (the “Proposed Rule”). The Proposed Rule covers an array of regulatory topics including the Star Ratings program, marketing and communications, agent and broker compensation, health equity, dual eligible special needs plans (“D-SNPs”), utilization management, network adequacy, and access to biosimilars.Continue Reading CMS Promotes Competition, Transparency, Health Equity and More in the CY2025 Medicare Advantage and Part D Proposed Rule

On October 30, 2023, the White House issued an Executive Order focusing on safe, secure and trustworthy AI and laying out a national policy on AI. In stark contrast to the EU, which through the soon to be enacted AI Act is focused primarily on regulating uses of AI that are unacceptable or high risk, the Executive Order focuses on responsible use of AI as well as developers, the data they use and the tools they create. The goal is to ensure that AI systems used by government and the private sector are safe, secure, and trustworthy. The Executive Order seeks to enhance federal government use and deployment of AI, including to improve cybersecurity and U.S. defenses, and to promote innovation and competition to allow the U.S. to maintain its position as a global leader on AI issues. It also emphasizes the importance of protections for various groups including consumers, patients, students, workers and kids.Continue Reading Flash Briefing on White House Executive Order on AI Regulation and Policy

The US just catapulted into being the world leader on regulating AI. Bypassing Congress, the White house issued an Executive Order focusing on safe, secure and trustworthy AI and laying out a national policy on AI. In stark contrast to the EU, which through the soon to be enacted AI Act is focused primarily on regulating uses of AI that are unacceptable or high risk, the Executive Order focuses primarily on the developers, the data they use and the tools they create. The goal is to ensure that AI systems are safe, secure, and trustworthy before companies make them public. It also focuses on protection of various groups including consumers, patients, students, workers and kids.Continue Reading White House Executive Order Ramps Up US Regulation of and Policy Toward AI

Ever wonder what it takes to win a protest? 

With GAO’s statistics for Fiscal Year 2023 (“FY 23”) just released, we thought now is the perfect time to share some insights we gained by reading every published decision in which GAO sustained a protest during FY 23. GAO saw a rise in cases in Fiscal Year 2023 – up 22% from last year, or 2,025 cases, and it conducted hearings in 22 cases, compared to only two last year. GAO’s statistics from Fiscal Year 2022 showed a relatively steady sustain rate percentage hovering between 13% and 15% of the decisions on the merits. This year GAO reports a sustain rate of 31%, listing the number of sustained cases at 188, versus 59 last year. GAO explains the higher number of sustains is, at least in large part, due to “an unusually high number of protests challenging a single procurement,” namely the Department of Health and Human Services’ (“HHS”) Chief Information Officer-Solutions and Partners 4 (“CIO-SP4”) acquisition, in which GAO sustained 119 protests on primarily one ground. Taking this one procurement out of the mix, there are 69 remaining sustains, which would equate to a sustain rate of about 14% – much more in line with GAO’s historic rate over the prior 4 years of 13% to 15%.Continue Reading If Past is Prologue – What Made Protests Successful in Fiscal Year 2023?

In Securities & Exchange Commission v. Govil, No. 22-1658, 2023 WL 7137291 (2d Cir. Oct. 31, 2023), the United States Court of Appeals for the Second Circuit dealt a setback to the enforcement agenda of the Securities and Exchange Commission (“SEC”) by limiting its ability to seek disgorgement under 15 U.S.C. § 78u(d)(5) and (7) to situations in which the regulator can demonstrate investors have suffered pecuniary harm.Continue Reading Second Circuit Reins in SEC Disgorgement Powers

On October 27, 2023, the Office of Management and Budget (“OMB”) released a draft memorandum for public comment regarding Modernizing the Federal Risk and Authorization Management Program (“FedRAMP”) (the “Draft Memo”). The Draft Memo comes almost one year after Congress passed the FedRAMP Authorization Act (the “Act”) as part of the Fiscal Year 2023 National Defense Authorization Act, which codified FedRAMP.Continue Reading Time for An Upgrade: OMB Releases Draft Memorandum Modernizing FedRAMP

The COVID-19 Pandemic wreaked havoc on many businesses. For others, though, it created new opportunities to sell to the federal government, including an unprecedented demand for personal protective equipment (“PPE”), COVID tests, and vaccines. Perhaps your company found itself as a first-time government contractor, or you started selling products to the government that you had never sold before. If your government contract went smoothly, congratulations! If not, you may be left wondering who will pay for unexpected increased costs of performance, or how you can defend against the government’s claims to recoup overpayments or liquidated damages. Continue Reading Don’t Leave Money on the Table from Your Pandemic-Era Healthcare Procurement Contract

On October 5, 2023, the FAR Council released an Interim Rule on “Implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders.” The Interim Rule implements requirements from Section 202 of the Federal Acquisition Supply Chain Security Act of 2018 (“FASCSA”), which will require contractors to ensure certain products and services are excluded from the U.S. Government supply chain as directed by the Federal Acquisition Security Council (“FASC”). The Interim Rule becomes effective 60 days after publication, requiring new FAR clauses to be incorporated into all solicitations and contracts (including orders and modifications) issued after December 4, 2023.Continue Reading Interim Rule Effective in December Establishes Requirements for Contractors to Remove Identified Products and Services from the U.S. Government Supply Chain