Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
Intellectual Property In Department of Defense Contracting
Additional Compensation from the Government: A Brief Comparison of REAs and Claims
Webinar: Trademarks and Government Contracting
Buy American: What Government Contractors Need to Know
Federal Contracting Overseas: Insider Tips for Ensuring Compliance with Host Country Laws
Navigating the FAR/DFARS: The Most Confusing and Little Known Clauses
Government Contracts Cyber Café: 2019 Wrap Up and Privacy, CMMC, and GRC in 2020
The Government Contracts Cyber Café: Recent Developments Update
Government Contracts Cyber Café Series: An Inside Look at DFARS Compliance Data
Government Contracts Cyber Café - Crisis Management: Beyond Compliance
Federal Cybersecurity Requirements
Once a term sheet is in place, buyers must conduct thorough due diligence to uncover potential risks and liabilities. In the aerospace and defense sector, due diligence extends beyond financials to regulatory compliance,...more
Cyber-attacks against America’s defense industrial base are becoming more sophisticated and more frequent. To reduce the risk of sensitive national security information landing in the hands of bad actors, the Department of...more
On May 1, 2025, the U.S. Department of Justice announced an $8.4 million settlement agreement with several defense contract companies (“companies”) resolving alleged violations of the False Claims Act. The settlement...more
On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed...more
On January 15, 2025, the FAR Council finally released a proposed rule (the Rule)1 regulating the use and handling of controlled unclassified information (CUI) as a part of the general strategy to reduce threats of...more
Earlier this year, the FAR Council issued a proposed rule to implement the Controlled Unclassified Information (CUI) Program as it relates to federal contracts. The proposed rule is "just one element of a larger strategy to...more
The wait is finally over! After more than 14 years of anticipation, the Federal Acquisition Regulation (“FAR”) Proposed Rule on Controlled Unclassified Information (“CUI”) was released on January 15, 2025 and comes as part of...more
The Federal Acquisition Regulation (FAR) Council issued its long awaited proposed rule on Controlled Unclassified Information (CUI) on January 15, 2025. The proposed rule establishes a common form to be used by all federal...more
On January 15, 2025, the Department of Defense (DOD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) (collectively, “the FAR Council”) issued a long-anticipated proposed...more
Over the last two decades, federal contractors have been frustrated by the Government’s hodgepodge approach to regulating Controlled Unclassified Information (CUI). Various agencies have implemented differing definitions,...more
After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Borne from documented deficiencies in the...more
The Department of Justice (DOJ) secured another win for its Civil Cyber-Fraud Initiative last week when it resolved a False Claims Act (FCA) action[1] alleging Pennsylvania State University (Penn State) failed to comply with...more
Following a multi-year rollout process, the U.S. Department of Defense published a final rule on October 15, 2024, establishing its Cybersecurity Maturity Model Certification Program to protect sensitive unclassified...more
On October 15, 2024, the Department of Defense (“DoD”) published the final version of its rule implementing the Cybersecurity Maturity Model Certification (“CMMC”) Program under Title 32 of the Code of Federal Regulations...more
After a nearly five-year rulemaking process, the U.S. Department of Defense (DoD) published the Final Cybersecurity Maturity Model Certification 2.0 (CMMC) program rule in the Federal Register on Oct. 15, 2024, codified at 32...more
On Tuesday, October 15, 2024, the U.S. Department of Defense (“DOD”) issued its final rule for its much anticipated Cybersecurity Maturity Model Certification (“CMMC”) program. The CMMC program will eventually require one of...more
Since 2016, the federal government has implemented numerous procurement regulations and associated contract clauses to address cybersecurity by requiring contractors to adopt various controls and standards to protect...more
Cybersecurity Maturity Model Certification (CMMC) is coming — and now appears to be coming faster than many defense contractors believed. In the latest signal of CMMC’s forward momentum, the Department of Defense (DoD) issued...more
Some might say there’s little difference between dealing with the devil and being a federal contractor. And for the unwary or unprepared, that may not be far off. Federal contracting comes with a litany of “fine print” that...more
On August 15, 2024, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the Cybersecurity...more
The United States Department of Defense (DoD) took another big step on the path to instituting its highly anticipated Cybersecurity Maturity Model Certification 2.0 program (CMMC 2.0). Once finalized, CMMC 2.0 will establish...more