Photo of Edwin O. Childs

As a leader of the firm’s Defense, National Security and Government Contracting industry team, Ned Childs is a government contract and investigations and enforcement attorney who represents companies across a wide range of sectors, including the defense, services, technology, and aerospace industries.

After a nearly five-year rulemaking process, the U.S. Department of Defense (DoD) published the Final Cybersecurity Maturity Model Certification 2.0 (CMMC) program rule in the Federal Register on Oct. 15, 2024, codified at 32 CFR Part 170. Contract clauses implementing the CMMC program rule will be issued as part of the Defense Federal Acquisition Supplement

On June 21, the U.S. Department of Homeland Security issued a long-anticipated cybersecurity final rule that revises an existing clause and adds two new clauses to the Homeland Security Acquisition Regulation related to contractors’ handling of controlled unclassified information.

Read on for highlights from this rule, which goes into effect July 21 and is likely

On July 8, 2022, the U.S. Department of Justice announced a $9 million
settlement with federal government contractor Aerojet Rocketdyne, Inc. for
alleged violations of the False Claims Act in a case pending in the Eastern
District of California. The settlement results from alleged false
statements by Aerojet related to compliance with Department of Defense

On March 8, the U.S. Department of Justice announced a $930,000 settlement with Comprehensive Health Services, LLC for alleged violations of the False Claims Act. As DOJ’s first resolution of a False Claims Act enforcement action involving cyber fraud since launching its Civil Cyber-Fraud Initiative in October 2021, this settlement signals the DOJ’s eagerness to

On Nov. 4, the Department of Defense announced significant changes to the Cybersecurity Maturity Model Certification program, intended to simplify the certification standard and prioritize protection of certain types of controlled defense information.

Read on for an overview of the changes, a timeline for their implementation and implications for defense contractors.

On Oct. 6, the Department of Justice announced a new Civil Fraud Cyber Initiative to “combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems.”

Read on for details and analysis of this new enforcement initiative and

On May 12, President Biden signed an executive order mandating that the federal government significantly improve cybersecurity within its networks and modernize federal cyber defenses. This move follows a series of cyberattacks on private companies and federal government networks over the past year, including a recent incident that resulted in gasoline shortages along the U.S.

On Tuesday, October 4, 2016, the Department of Defense (DoD) issued a long-awaited final rule implementing statutory requirements (10 U.S.C. §§ 391, 393) as part of 32 C.F.R part 236 regarding the reporting, by defense contractors, of certain cyber incidents relating to the contractor’s electronic systems.  These reporting requirements are above and beyond what contractors