After a nearly five-year rulemaking process, the U.S. Department of Defense (DoD) published the Final Cybersecurity Maturity Model Certification 2.0 (CMMC) program rule in the Federal Register on Oct. 15, 2024, codified at 32 CFR Part 170. Contract clauses implementing the CMMC program rule will be issued as part of the Defense Federal Acquisition Supplement
Edwin O. Childs
As a leader of the firm’s Defense, National Security and Government Contracting industry team, Ned Childs is a government contract and investigations and enforcement attorney who represents companies across a wide range of sectors, including the defense, services, technology, and aerospace industries.
DHS Issues Final Rule Regulating Federal Contractors’ Handling of Controlled Unclassified Information
On June 21, the U.S. Department of Homeland Security issued a long-anticipated cybersecurity final rule that revises an existing clause and adds two new clauses to the Homeland Security Acquisition Regulation related to contractors’ handling of controlled unclassified information.
Read on for highlights from this rule, which goes into effect July 21 and is likely…
DOJ and Aerojet Settle for $9 Million in Qui Tam Cybersecurity False Claims Act Case
On July 8, 2022, the U.S. Department of Justice announced a $9 million
settlement with federal government contractor Aerojet Rocketdyne, Inc. for
alleged violations of the False Claims Act in a case pending in the Eastern
District of California. The settlement results from alleged false
statements by Aerojet related to compliance with Department of Defense…
DOJ Announces First False Claims Settlement Since Launch of Civil Cyber-Fraud Initiative
On March 8, the U.S. Department of Justice announced a $930,000 settlement with Comprehensive Health Services, LLC for alleged violations of the False Claims Act. As DOJ’s first resolution of a False Claims Act enforcement action involving cyber fraud since launching its Civil Cyber-Fraud Initiative in October 2021, this settlement signals the DOJ’s eagerness to…
CMMC 2.0: Department of Defense Revamps Cybersecurity Maturity Model Certification Program
On Nov. 4, the Department of Defense announced significant changes to the Cybersecurity Maturity Model Certification program, intended to simplify the certification standard and prioritize protection of certain types of controlled defense information.
Read on for an overview of the changes, a timeline for their implementation and implications for defense contractors.
Department of Justice Announces Increased FCA Enforcement Through New Civil Cyber-Fraud Initiative
On Oct. 6, the Department of Justice announced a new Civil Fraud Cyber Initiative to “combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems.”
Read on for details and analysis of this new enforcement initiative and…
Biden Administration Orders Improvements to Cybersecurity and Federal Networks Amid Cyberattacks
On May 12, President Biden signed an executive order mandating that the federal government significantly improve cybersecurity within its networks and modernize federal cyber defenses. This move follows a series of cyberattacks on private companies and federal government networks over the past year, including a recent incident that resulted in gasoline shortages along the U.S.…
Effective November 3, 2016: Final DoD Cyber Incident Reporting Rule
On Tuesday, October 4, 2016, the Department of Defense (DoD) issued a long-awaited final rule implementing statutory requirements (10 U.S.C. §§ 391, 393) as part of 32 C.F.R part 236 regarding the reporting, by defense contractors, of certain cyber incidents relating to the contractor’s electronic systems. These reporting requirements are above and beyond what contractors…