Last week, the Department of Defense (DOD) released for comment the first public draft of the Cybersecurity Maturity Model Certification (CMMC) model, CMMC v.04. The looming question on every contractor’s mind is “what does this mean for the other cybersecurity...
Cybersecurity and the False Claims Act – DoD and NASA Cybersecurity Standards Come Front and Center
In a recent decision on a motion to dismiss, a federal district judge in the Eastern District of California served a reminder that the cybersecurity requirements included in federal contracts have some teeth. United States ex rel. Brian Markus v. Aerojet Rocketdyne...
Arbitration; classwide arbitration; doctrine of contra proferentum
LAMPS PLUS, INC. v. VARELA, ___ U.S. ___, No. 17-988 (24 April 2019). The Federal Arbitration Act (FAA), 9 U.S.C. §2, requires courts to enforce arbitration agreements according to their terms. In Stolt-Nielsen, S.A. v. AnimalFeeds, Int’l Corp., 559 U.S. 662 (2010),...
The Drumbeat For Federal Privacy Law Grows
Government contractors focused on DoD’s acquisition efforts and other businesses should keep an eye on the smoke signals in Washington rising on privacy. From GDPR in Europe, to the draft new NIST Privacy Framework, to NTIA’s request for comments on privacy, the...
DCMA To Audit Contractor Cyber Compliance
Since December 31, 2017, DoD contractors are required to have “implemented” DFARs Clause 252.204-7012 (“Safeguarding Covered Defense Information and Cyber Incident Reporting”) by the implementation of NIST 800-171 on their covered information systems. For most of the...
Ruling On Facebook, Free Speech And Public Officials
Davison v. Randall, ___ Fd.3rd ___, U.S. Court of Appeals for the 4th Circuit No. 17-2002 (7 January 2019) First Amendment, free speech clause; Facebook; public official In 2015, Phyllis J. Randall became the chairperson of the Loudoun County Board of Supervisors....
New U.S. Privacy Initiatives: NIST Privacy Framework
As government contractors implement the DFARS cybersecurity contract clause (DFARS 252.204-7012) and await the expected Federal Civilian-wide clause, other U.S. companies are figuring out the impact and requirements of the EU General Data Protection Regulation (GDPR)....
Navy Raises the Bar on Cyber Compliance
Just this past September, the Navy issued a policy memorandum, effective immediately, entitled “Implementation of Enhanced Security Controls on Select Industrial Base Partner Networks.” It called for stricter cybersecurity requirements under DFARS 252.204-7012 for...
US Agency Responding to European Privacy Protections
The European Union’s new, rigorous privacy rules, the General Data Protection Regulation (GPDR), continue to wash across the U.S. legal and regulatory landscape and impact U.S. based government contractors. The latest to join the movement are our friends at the...
Typewritten Signature Is Not a Valid Electronic Signature
Now that electronic signatures are becoming common-place, government contractors need to know what qualifies as a valid electronic signature in procurement. An offer that is not properly signed could easily show that the offeror did not intent to be bound by its offer...