Photo of Cassidy Kim

Cassidy Kim focuses her practice on government contracts and procurement matters. Cassidy also advises clients on cybersecurity and privacy compliance issues. She has worked with clients operating in an array of industries to navigate these sectors of the law, including providers of critical government infrastructure solutions, enterprise cloud services, EdTech, and autonomous defense systems.

Cassidy advises clients on litigating bid protests and claims involving state and federal level government procurements, including before the Government Accountability Office, U.S. Court of Federal Claims, and the California Department of General Services. She also provides industry-specific counsel on the CCPA/CPRA, GDPR, NIST, and related privacy and cybersecurity matters. Cassidy has developed consumer-facing privacy disclosures, B2B data transfer agreements, and employee compliance procedures. She has also led strategy on responses to regulatory actions and advised on supply chain risk management practices.

Prior to Greenberg Traurig, Cassidy worked as counsel at the Federal Reserve Bank of San Francisco, where she managed negotiations and provided strategic advice on San Francisco Fed and other Federal Reserve System contracts and procurement efforts across core business groups.

On Oct. 21, 2024, the OMB Office of Information and Regulatory Affairs (OIRA) concluded its regulatory review of the long-awaited Federal Acquisition Regulation Controlled Unclassified Information Rule (FAR CUI Rule), clearing the proposed rule’s path for publication in the Federal Register in 2024.

The FAR CUI Rule is being issued pursuant to Executive Order 13556

On Oct. 14, 2024, the Department of Defense (DoD) published the final rule that would implement the Cybersecurity Maturity Model Certification 2.0 (CMMC) Program under 32 CFR Part 170 (Final Rule) to the Federal Register. The Final Rule comes less than 10 months after DoD published the proposed rule, which yielded approximately 361 submissions

On Aug. 15, 2024, the Department of Defense (DoD) published a proposed rule that would implement contract clauses under 48 CFR related to the Cybersecurity Maturity Model Certification (CMMC) Program (Proposed Rule). DoD previously published a related proposed rule that would implement the CMMC 2.0 Program under 32 CFR 170 and provided the relevant security

In July 2022, two relators sued the Georgia Tech Research Corporation (GTRC) and the Georgia Institute of Technology (GA Tech) under the FCA. The allegations include violations of the FCA and employment law, based on the “increasing retaliation” experienced by the relators after they escalated their concerns. 

Continue reading the full GT Alert.

On April 4, 2024, CISA published its long-awaited Notice of Proposed Rulemaking to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). If passed in their current form, the Rules would create extensive reporting obligations for an estimated 316,244 covered entities across 16 critical infrastructure sectors. 

Continue reading the full GT Alert.

On Dec. 26, 2023, DoD published a proposed rule implementing the CMMC Program (the Proposed Rule). The regulations come more than three years after the release of the initial CMMC regulations (November 2020) and two years after the Biden administration announced the revised “CMMC 2.0” program (January 2021). The Proposed Rule largely reflects the CMMC