Photo of Cassidy Kim

Cassidy Kim

Cassidy Kim focuses her practice on government contracts and procurement matters. Cassidy also advises clients on cybersecurity and privacy compliance issues. She has worked with clients operating in an array of industries to navigate these sectors of the law, including providers of critical government infrastructure solutions, enterprise cloud services, EdTech, and autonomous defense systems.

Cassidy advises clients on litigating bid protests and claims involving state and federal level government procurements, including before the Government Accountability Office, U.S. Court of Federal Claims, and the California Department of General Services. She also provides industry-specific counsel on the CCPA/CPRA, GDPR, NIST, and related privacy and cybersecurity matters. Cassidy has developed consumer-facing privacy disclosures, B2B data transfer agreements, and employee compliance procedures. She has also led strategy on responses to regulatory actions and advised on supply chain risk management practices.

Prior to Greenberg Traurig, Cassidy worked as counsel at the Federal Reserve Bank of San Francisco, where she managed negotiations and provided strategic advice on San Francisco Fed and other Federal Reserve System contracts and procurement efforts across core business groups.

Contact:Read more about Cassidy Kim

On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors.
Continue Reading Recapping CMMC Level 3: Considerations for Government Contractors

Starting Nov. 10, 2025, contractors and subcontractors handling controlled unclassified information (CUI) may be required to have a current CMMC Level 2 self-assessment for new contracts and option exercises involving CUI.
Continue Reading Recapping CMMC Level 2: Considerations for Government Contractors

On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors. This final rule established a November 10, 2025 go-live date for the start of phase 1 of CMMC. As we covered in our prior

In June 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued draft updated guidance for public comment on the Minimum Elements for a Software Bill of Materials (SBOM), which the National Telecommunications and Information Administration (NTIA) first published in 2021 for federal agencies in response to Executive Order 14028 on Improving the Nation’s Cybersecurity.
Continue Reading Software Bill of Materials Guidance for Government Contractors

Cybersecurity month starts with a critical compliance date for the Department of Justice (DOJ)’s Data Security Program (DSP). Starting on Oct. 6, any U.S. person or company handling Americans’ bulk sensitive or personal data or U.S. government-related data must implement a written data compliance program that lays out specified due diligence, audit, reporting, and recordkeeping processes for covered data transactions.
Continue Reading Incoming Deadlines and Requirements for DOJ’s Data Security Program on Oct. 6, 2025

On July 31, 2025, the Fraud Section of the U.S. Department of Justice’s Commercial Litigation Branch (Fraud Section) announced new settlement agreements with government contractors to resolve their respective False Claims Act (FCA) liabilities arising out of cyber fraud allegations.

Continue Reading DOJ Settles Cybersecurity FCA Claims With PE Firm and Government Contractors

DOJ’s new Data Security Program (DSP), effective April 8, 2025, imposes significant restrictions on U.S. government contractors and global companies that handle sensitive U.S. personal or government-related data. The DSP is currently subject to a 90-day initial enforcement period, After July 8, 2025, NSD will implement full enforcement of the DSP.
Continue Reading DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities

On Jan. 15, 2025, the Department of Defense (DoD), General Services Administration, and NASA, all members of the FAR Council, published a proposed FAR CUI Rule under Title 48 of the CFR. This proposed rule amends the Federal Acquisition Regulation (FAR) to implement the third and final piece of the National Archives and Records Administration’s