Cybersecurity & Data Privacy

BLOG: Start Preparing Now for DoD's Upcoming Cybersecurity Maturity Model Certification (CMMC)

September 27, 2019
By Jonathan Williams and Emily J. Rouleau
For a while now, we have been writing about the increasing impact of cybersecurity on the government contracting world, which, as Jon wrote, has become the "fourth pillar" of Department of Defense (DoD or the Agency) acquisitions. The latest evidence of this was discussed by our colleague, Dave Shafer, in his recent blog discussing a new DoD cybersecurity certification. This certification, called Cybersecurity Maturity Model Certification or "CMMC," will significantly alter the DoD-acquisition landscape next year. Indeed, when this certification requirement comes online, all DoD contractors will be required to have CMMC to bid on, win, and retain new DoD contracts.

BLOG: Cybersecurity Meets the FCA: What the Chinese Telecom Ban Means for Government Contractors

August 27, 2019
By Peter B. Ford and Anna R. Wright
Government contractors are required to comply with a new set of prohibitions on telecommunications equipment acquired from certain Chinese companies, and they may face False Claims Act liability since the prohibitions require certification that they have not used prohibited products. These prohibitions come from the John S. McCain National Defense Authorization Act for Fiscal Year 2019, which contains a number of provisions intended to keep U.S. government funds from moving to Chinese government-owned corporations. Section 889 in particular lists companies the Chinese government owns that are now prohibited sources of supply for telecommunications equipment. Effective August 13, 2019, these prohibitions are incorporated into the FAR in Subpart 4.21.

BLOG: Prepare Now to Secure "Controlled Unclassified Information"

August 21, 2019
By Emily J. Rouleau
Nowadays, many people are familiar with at least some types of protected information, whether in the form of personal health information or government-classified information. But contractors working with the Department of Defense ("DoD") must remember to protect another type of information: controlled unclassified information ("CUI"). Failure by government contractors to put processes in place that protect CUI could result in the loss of contracting opportunities or potential False Claims Act-related litigation.

BLOG: Cybersecurity, Implied Certifications, and the False Claims Act

July 22, 2019
By Isaias "Cy" Alba IV
As I am sure many of you know and have read about already, the first False Claims Act ("FCA") case, US Ex rel. Markus v. AeroJet Rocketdyne Holdings, Inc., et al., No. 2:15-cv-2245, has been filed in the Eastern District of California by a disgruntled former Director of Cyber Security Compliance and Controls, and it survived a motion to dismiss in May of this year. When the existence of the AeroJet case is layered over the U.S. Supreme Court's findings in Universal Health Servs., Inc. v. US Ex rel. Escobar, 136 S.Ct. 1989 (2016), which confirmed FCA liability based upon implied certifications, a worrisome result can occur. Namely, can the disgruntled employees, aggrieved subcontractors, consultants who see an opening for a quick buck, spouses in the midst of a contentious divorce, or any other random individual with a basic knowledge of your IT systems file an FCA case against you claiming that you impliedly certified, by merely accepting a federal contract, that you were in full and unequivocal compliance with all NIST 800-171 standards and that you had all documentation required by DFARS 252.204-7012? The answer is absolutely "YES." Small to mid-sized government contractors should note that their lack of diligence can be used as evidence of recklessness which gives rise to FCA liability.

BLOG: Department of Defense Sets Course on Cybersecurity Evaluation and Enforcement

July 17, 2019
By David T. Shafer
On a limited budget, government contractors need to be compliant with a litany of statutes, regulations, and industry standards in order to remain competitive in the marketplace. This has become particularly true in the cybersecurity context.