Compliance & Enforcement

Subscribe to Compliance & Enforcement via RSS
Computer laptop online protection shield on internet browser web site or pc with secure connection website vector flat cartoon illustration, security or privacy data access modern design image

On August 22, 2024, the Department of Justice (DOJ) filed a complaint-in-intervention in a previously filed whistleblower suit under the qui tam provisions of the False Claims Act (FCA) against the Georgia Institute of Technology (Georgia Tech) and Georgia Tech Research Corp. (GTRC), an affiliate of Georgie Tech, for falsely representing its compliance with Department of Defense (DoD) cybersecurity requirements. Former and current Georgia Tech cybersecurity team employees brought the initial whistleblower lawsuit. Continue Reading DOJ Looks To Sting Georgia Tech Under the False Claims Act: The Perils of Cybersecurity Non-Compliance

3D Isometric Flat Vector Conceptual Illustration of Regulatory Compliance.

On December 26, 2023, the U.S. Department of Defense (DoD) published the much anticipated proposed rule for the revamped Cybersecurity Maturity Model Certification (CMMC) 2.0 Program.

Following growing concerns within DoD that contractors were not consistently implementing the cybersecurity requirements of DFARS 252.204-2012, DoD responded with the creation of the CMMC Program in 2019 to move away from a “self-attestation” model of security. The CMMC Program’s purpose is for contractors and subcontractors to demonstrate that Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) being processed, stored, or transmitted is adequately safeguarded. CMMC builds from existing cybersecurity requirements by requiring that contractors and subcontractors undergo Self-Assessments, Third-Party Assessments, or Government Assessments, as required, to ensure that mandated information protection requirements have been implemented. Continue Reading Happy New Year From DoD – The Proposed CMMC Rule Is Here

Programming and password concept

On October 3, 2023, the FAR Council released two proposed rules for federal contractor cybersecurity requirements that relate to cyber threat and incident reporting and information sharing (case 2021-017) and standardizing cybersecurity requirements for unclassified federal information systems (case 2021-019). Both proposed rules not only provide new requirements for federal contractors to follow but also provide new definitions and contract provisions for information and contract technology and federal information systems contracts. Continue Reading New Proposed Cybersecurity Rules Mean Big Changes for Federal Contractors

Illustration of red and white calendar with circled date in red against sky blue background

On August 19, 2022, the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) published a notice regarding a Freedom of Information Act (FOIA) request from the Center for Investigative Reporting (CIR) for all Type 2 Consolidated Employer Information Reports, Standard Form 100 (EEO-1 Report), filed by all federal contractors, including “first-tier subcontractors,” (covered contractors) from 2016-2020.
Continue Reading OFCCP Issues September 19 Deadline for Federal Contractors to Object to Disclosure of EEO-1 Data

Hand with red string wrapped around index finger vector against teal background

On July 14, 2022, the Department of Labor (DOL) issued a proposed rule that would require contractors and subcontractors performing covered service contracts to offer, in good faith, service employees employed under the predecessor contract the right of first refusal of employment under the successor contract. The proposed rule implements President Biden’s November 18, 2021 Executive Order 14055, Nondisplacement of Qualified Workers Under Service Contracts (the order). In sum, the order establishes a general policy for the federal government that “service contracts which succeed contracts for the same or similar services, and solicitations for such contracts, shall include a non-displacement clause.”
Continue Reading Don’t You Forget About Me: DOL’s Proposed Rule on the Right of First Refusal in Service Contracts

Covid-19 vaccination record card with vials and syringe.

Last week, the Biden administration updated its position regarding enforcement of the COVID-19 vaccine mandate for federal contractors in response to the nationwide preliminary injunction issued by a U.S. District Court judge in Georgia. In our previous post on this topic, we questioned whether the administration would still attempt to enforce the vaccine mandate for contracts that already include the clauses mandating vaccinations. Thankfully, the administration resolved much of that uncertainty in its updated position by confirming that it will generally not enforce the mandate. However, it stopped short of a blanket policy of non-enforcement.
Continue Reading Biden Administration Updates Contractor Vaccine Mandate Guidance in Response to Nationwide Preliminary Injunction

COVID-19 Legal Updates Social Media

On December 7, 2021, a federal judge issued a nationwide injunction that, for the time being, halts the COVID-19 vaccine mandate for federal contractors. The injunction is a preliminary injunction, the purpose of which is to preserve the status quo until a final judgment can be reached. This means the injunction will stay in place until the court reaches a final ruling on the merits of the case.
Continue Reading Vaccine Mandate for Federal Contractors on Hold

Programming and password concept - graphic

On November 4, 2021, the Department of Defense (DOD) announced it is revamping the Cybersecurity Maturity Model Certification program. The changes are intended to make the program more streamlined and flexible, which, in turn, will make it easier (and cheaper) for contractors to implement. Details of the revised program are limited, but some of the highlights include:

  • Fewer Levels: CMMC 2.0 will have only three levels of certification rather than five, and they will align more closely with existing cybersecurity standards. For example, Level 2 will align with NIST SP 800-171, the standard that applies when contractors handle controlled unclassified information.

Continue Reading DOD Announces CMMC 2.0; Cancels Rollout of CMMC 1.0

Covid-19 vaccination record card with vials and syringe.

In our last post, we detailed President Biden’s Executive Order 14042 regarding vaccination requirements for government contractors. The order made clear that a new clause requiring vaccinations would be included in new contracts in the near future, but questions remained about which employees would ultimately be subject to the requirements. On September 24, 2021, the Safer Federal Workforce Task Force (Task Force) issued guidance that answered many of those questions.
Continue Reading New Guidance on the Vaccination Mandate for Federal Contractors

Covid-19 vaccination record card with vials and syringe.

Government contractors and subcontractors will need to learn—quickly–how to navigate new COVID-19 requirements. On September 9, 2021, President Biden issued an executive order (the order) imposing COVID-19 vaccine and testing requirements on government contractors and subcontractors. The new requirements will start appearing in contracts in a matter of weeks. Below are the key points that federal contractors need to know.

How will the vaccine requirement be implemented?

The order directs all executive departments and agencies to begin including a new and yet unwritten clause in solicitations, contracts, and contract-like instruments. The clause must state that the contractor will comply with all guidance issued by the Safer Federal Workforce Task Force (Task Force) that pertains to a contractor or subcontractor’s workplace locations.Continue Reading New COVID-19 Vaccination Requirements for Government Contractors