On Dec. 26, 2023, DoD published a proposed rule implementing the CMMC Program (the Proposed Rule). The regulations come more than three years after the release of the initial CMMC regulations (November 2020) and two years after the Biden administration announced the revised “CMMC 2.0” program (January 2021). The Proposed Rule largely reflects the CMMC
Eleanor (Elle) Ross advises government contractors from a diverse range of industries on regulatory matters including compliance with government regulations, contract disputes, defense of claims, and government investigations. She litigates bid protests before the Court of Federal Claims and the Government Accountability Office. She advises clients in connection with an array of agreements and multi-award procurements, including challenging award decisions in a variety of fora.
Elle also counsels clients on federal and state compliance obligations, particularly in connection with cybersecurity (including CMMC and NIST requirements) and supply chain risk management practices. She works with clients to understand government regulations and to develop compliance plans and to implement those plans. She also assists with making mandatory and voluntary disclosures to federal agencies and represented clients in subsequent investigations and administrative proceedings. She manages sanctions proceedings against contractors, including cases alleging fraud and corruption.
Elle also represents clients in commercial contract disputes, both in mediation and in federal court.
Previously, Ms. Ross was a legal consultant to World Bank Office of Suspension and Debarment, where she reviewed cross-border investigations to determine contractor compliance with World Bank regulations.
In July 2023 the Biden administration announced the National Cybersecurity Strategy Implementation Plan, detailing how the government will advance the cyber strategy. The plan describes 65 initiatives to achieve the objectives laid out in the strategy, and several of them will impact federal contractors.
On May 10, 2023, the National Institutes of Standards and Technology (NIST) released Revision 3 to its foundational publication, 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The publication provides guidelines for protecting sensitive unclassified information in contractor systems, and these guidelines establish the baseline cybersecurity requirements for federal defense contractors. …