On Aug. 15, 2024, the Department of Defense (DoD) published a proposed rule that would implement contract clauses under 48 CFR related to the Cybersecurity Maturity Model Certification (CMMC) Program (Proposed Rule). DoD previously published a related proposed rule that would implement the CMMC 2.0 Program under 32 CFR 170 and provided the relevant security
Government Contractors
DOJ Files Complaint in First Cybersecurity False Claims Act Qui Tam Case Intervention
In July 2022, two relators sued the Georgia Tech Research Corporation (GTRC) and the Georgia Institute of Technology (GA Tech) under the FCA. The allegations include violations of the FCA and employment law, based on the “increasing retaliation” experienced by the relators after they escalated their concerns.
Proposed Cyber Incident Reporting Requirements for DIB Contractors Under CIRCIA
On April 4, 2024, CISA published its long-awaited Notice of Proposed Rulemaking to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). If passed in their current form, the Rules would create extensive reporting obligations for an estimated 316,244 covered entities across 16 critical infrastructure sectors.
DOJ’s First Intervention in Cybersecurity FCA Qui Tam Case Signals Continued Cyber Enforcement
In July 2022, two relators sued the GTRC and GA Tech under the FCA. The allegations include violations of the FCA and employment law based on the relators’ claims of “increasing retaliation” experienced after they escalated their concerns.
DoD Issues Proposed CMMC Rule for Contractors
On Dec. 26, 2023, DoD published a proposed rule implementing the CMMC Program (the Proposed Rule). The regulations come more than three years after the release of the initial CMMC regulations (November 2020) and two years after the Biden administration announced the revised “CMMC 2.0” program (January 2021). The Proposed Rule largely reflects the CMMC…
The National Cybersecurity Strategy Implementation Plan: What Contractors Need to Know
In July 2023 the Biden administration announced the National Cybersecurity Strategy Implementation Plan, detailing how the government will advance the cyber strategy. The plan describes 65 initiatives to achieve the objectives laid out in the strategy, and several of them will impact federal contractors.