After a nearly five-year rulemaking process, the U.S. Department of Defense (DoD) published the Final Cybersecurity Maturity Model Certification 2.0 (CMMC) program rule in the Federal Register on Oct. 15, 2024, codified at 32 CFR Part 170. Contract clauses implementing the CMMC program rule will be issued as part of the Defense Federal Acquisition Supplement
Jason M. Vespoli
Jason focuses his practice on federal and state procurement, government technology, bid protests and government contract disputes, and regulatory compliance. He utilizes experience in state government, government technology, and complex procurement to solve problems in innovative and efficient ways.
DHS Issues Final Rule Regulating Federal Contractors’ Handling of Controlled Unclassified Information
On June 21, the U.S. Department of Homeland Security issued a long-anticipated cybersecurity final rule that revises an existing clause and adds two new clauses to the Homeland Security Acquisition Regulation related to contractors’ handling of controlled unclassified information.
Read on for highlights from this rule, which goes into effect July 21 and is likely…
DOJ and Aerojet Settle for $9 Million in Qui Tam Cybersecurity False Claims Act Case
On July 8, 2022, the U.S. Department of Justice announced a $9 million
settlement with federal government contractor Aerojet Rocketdyne, Inc. for
alleged violations of the False Claims Act in a case pending in the Eastern
District of California. The settlement results from alleged false
statements by Aerojet related to compliance with Department of Defense…
DOJ Announces First False Claims Settlement Since Launch of Civil Cyber-Fraud Initiative
On March 8, the U.S. Department of Justice announced a $930,000 settlement with Comprehensive Health Services, LLC for alleged violations of the False Claims Act. As DOJ’s first resolution of a False Claims Act enforcement action involving cyber fraud since launching its Civil Cyber-Fraud Initiative in October 2021, this settlement signals the DOJ’s eagerness to…
CMMC 2.0: Department of Defense Revamps Cybersecurity Maturity Model Certification Program
On Nov. 4, the Department of Defense announced significant changes to the Cybersecurity Maturity Model Certification program, intended to simplify the certification standard and prioritize protection of certain types of controlled defense information.
Read on for an overview of the changes, a timeline for their implementation and implications for defense contractors.
Department of Justice Announces Increased FCA Enforcement Through New Civil Cyber-Fraud Initiative
On Oct. 6, the Department of Justice announced a new Civil Fraud Cyber Initiative to “combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems.”
Read on for details and analysis of this new enforcement initiative and…
Biden Administration Orders Improvements to Cybersecurity and Federal Networks Amid Cyberattacks
On May 12, President Biden signed an executive order mandating that the federal government significantly improve cybersecurity within its networks and modernize federal cyber defenses. This move follows a series of cyberattacks on private companies and federal government networks over the past year, including a recent incident that resulted in gasoline shortages along the U.S.…
Ready or Not… Government Contractor Cybersecurity Requirements Roll Out This Month
The Department of Defense is rolling out new regulations over the next five years to set progressive steps toward mandatory cybersecurity certification for government contractors. The first set of requirements goes into effect Nov. 30.
Click here to learn what contractors must do now to ensure they are eligible for award of new contracts, task…