Administrative

To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the past year) and 2024 Forecast (that previews what we expect to see in 2024). This Recap & Forecast covers the following five high-interest topic areas related to cybersecurity and data protection:
Continue Reading Governmental Practice Cybersecurity and Data Protection, 2023 Recap & 2024 Forecast Alert

Since our last Bid Protest Hub article in November, the Government Accountability Office (“GAO”) has published 37 bid protest decisions, two of which have resulted in decisions sustaining the protester’s challenge. As we enter into the new year, it remains critical for government contractors to understand what issues win at the GAO and why. Below, we cover a few important GAO decisions you should know from December 2023.
Continue Reading Bid Protest Hub – December 2023

Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing requirements that apply to Government contractors. This is the third article in a multi-part series on the Federal Acquisition Regulation (“FAR”) Cost Principles applicable to contracts with commercial organizations. The first article in the series addressed the criteria for determining the allowability of costs. The second addressed the allocation of direct and indirect costs. This Cost Corner focuses accounting for unallowable costs. The applicable Cost Principle is FAR 31.201-6, Accounting for Unallowable Costs. Among other requirements, FAR 31.201-6 incorporates by reference the practices
Continue Reading Government Contracts Cost and Pricing: Accounting for Unallowable Costs

Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing requirements that apply to Government contractors. This is the second article in a multi-part series on the Federal Acquisition Regulation (FAR) Cost Principles applicable to contracts with commercial organizations. The previous Cost Corner addressed the applicability of the Cost Principles and their general criteria for determining the allowability of costs. This Cost Corner focuses on the allocation of direct and indirect costs. We will address the applicable Cost Principles (FAR 31.202 and FAR 31.203) as well as the overlapping provisions of the Cost
Continue Reading Government Contracts Cost and Pricing: Allocation of Direct and Indirect Costs

On November 30, 2023, the Inspector General of the Department of Defense (“DoD IG”) released a Special Report: Common Cybersecurity Weaknesses Related to the Protection of DoD Controlled Unclassified Information on Contractor Networks (the “Report”). Between 2018 and 2023, the DoD IG reports it conducted five audits related to DoD contractors’ protection of Controlled Unclassified Information (“CUI”), in accordance with the cybersecurity requirements in National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171. Additionally, the Report states that since 2022, the DoD IG has provided support/assessments for five investigations under the Department of Justice’s (“DOJ”) Civil Cyber Fraud
Continue Reading DoD IG Report Provides Insight Into Common Missteps When Protecting CUI

On December 12, 2023, the Department of Justice (“DOJ”) issued guidance related to the process by which companies may request the United States Attorney General authorize delays of cyber incident disclosures, pursuant to a new Securities and Exchange Commission (“SEC”) rule. As a reminder, the SEC rule (which went into effect on Dec. 18, 2023) requires companies to disclose material cyber incidents via Form 8-K within four days of making a materiality determination. Our colleagues previously discussed the SEC rule and its new cyber reporting requirements here.
Continue Reading For Limited Use Only: Guidance on National Security Delay Determinations under the SEC Cyber Reporting Rule

Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturity Model Certification (“CMMC”) program (the “Proposed Rule”). It has been just over two years since “CMMC 2.0” was announced in November 2021 (which we previously discussed here). And while there is nothing particularly surprising in the Proposed Rule, there certainly are several notable additions and clarifications. Below we outline the key portions of the Proposed Rule that will be of particular importance to defense contractors.
Continue Reading New Year, New Rules: The CMMC Proposed Rule is Here

On November 17, 2023, the Department of Defense (“DOD”) published a Final Rule – over five years in the making – addressing DOD policies regarding the applicability of laws to commercial products, commercial services, and commercially available off-the-shelf (“COTS”) products (DFARS Case 2017-D010). Partially implementing Section 874 of the Fiscal Year 2017 National Defense Authorization Act, DOD has imposed new regulations that expressly prohibit Contracting Officers (“CO”) and prime contractors alike from incorporating regulatory requirements of the Federal Acquisition Regulation (“FAR”) and the Defense Federal Acquisition Regulation Supplement (“DFARS”) in prime contracts and subcontracts unless mandated by regulatory text.
Continue Reading It’s the Most Wonderful Time for New DOD Flow Down Policies: Flowing Down Too Many Clauses Will Get Prime Contractors More Than a Lump of Coal

In addition to prohibiting the flow-down of non-mandatory FAR/DFARS clauses (which we talk about here), the Department of Defense (“DOD”) Final Rule in connection with the Defense Federal Acquisition Regulation Supplement (“DFARS”) Case 2017-D010 also touched on the decades-long debate as to which entities actually are subcontractors performing under a Federal prime contract. Yes, you read that correctly – there is no single definition for the terms “subcontract” or “subcontractor.” After almost 40 years of confusion, it appears the DFARS and Federal Acquisition Regulation (“FAR”) Councils are trying to end the debate once and for all.
Continue Reading New Year, (Potentially) New Definition for “Subcontract”

Since the beginning of Fiscal Year 2024, the Government Accountability Office has published 35 decisions, but only two of which resulted in decisions sustaining the challenge. As contracting activities are busy awarding new contracts, it is important to follow the trends related to successful and effective protests as you consider filing your own bid protest, or as you defend your award as an intervenor. Below we dive into recent bid protest decisions and identify what won, what did not win, and why.
Continue Reading Bid Protest Hub – November 2023

The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional comments through December 18, 2023. This is an important opportunity for software producers (and others) to provide input that will help shape the future of software supply chain regulations. At a time when the federal government is struggling to harmonize myriad rules on cybersecurity and supply chain, recommendations from industry will be key.
Continue Reading Update: CISA Seeks Additional Input from Software Providers on Security Attestation Form

On October 30, 2023, the White House issued an Executive Order focusing on safe, secure and trustworthy AI and laying out a national policy on AI. In stark contrast to the EU, which through the soon to be enacted AI Act is focused primarily on regulating uses of AI that are unacceptable or high risk, the Executive Order focuses on responsible use of AI as well as developers, the data they use and the tools they create. The goal is to ensure that AI systems used by government and the private sector are safe, secure, and trustworthy. The Executive Order
Continue Reading Flash Briefing on White House Executive Order on AI Regulation and Policy

Ever wonder what it takes to win a protest? 

With GAO’s statistics for Fiscal Year 2023 (“FY 23”) just released, we thought now is the perfect time to share some insights we gained by reading every published decision in which GAO sustained a protest during FY 23. GAO saw a rise in cases in Fiscal Year 2023 – up 22% from last year, or 2,025 cases, and it conducted hearings in 22 cases, compared to only two last year. GAO’s statistics from Fiscal Year 2022 showed a relatively steady sustain rate percentage hovering between 13% and 15% of the decisions on
Continue Reading If Past is Prologue – What Made Protests Successful in Fiscal Year 2023?

In Securities & Exchange Commission v. Govil, No. 22-1658, 2023 WL 7137291 (2d Cir. Oct. 31, 2023), the United States Court of Appeals for the Second Circuit dealt a setback to the enforcement agenda of the Securities and Exchange Commission (“SEC”) by limiting its ability to seek disgorgement under 15 U.S.C. § 78u(d)(5) and (7) to situations in which the regulator can demonstrate investors have suffered pecuniary harm.
Continue Reading Second Circuit Reins in SEC Disgorgement Powers

On October 27, 2023, the Office of Management and Budget (“OMB”) released a draft memorandum for public comment regarding Modernizing the Federal Risk and Authorization Management Program (“FedRAMP”) (the “Draft Memo”). The Draft Memo comes almost one year after Congress passed the FedRAMP Authorization Act (the “Act”) as part of the Fiscal Year 2023 National Defense Authorization Act, which codified FedRAMP.
Continue Reading Time for An Upgrade: OMB Releases Draft Memorandum Modernizing FedRAMP

The COVID-19 Pandemic wreaked havoc on many businesses. For others, though, it created new opportunities to sell to the federal government, including an unprecedented demand for personal protective equipment (“PPE”), COVID tests, and vaccines. Perhaps your company found itself as a first-time government contractor, or you started selling products to the government that you had never sold before. If your government contract went smoothly, congratulations! If not, you may be left wondering who will pay for unexpected increased costs of performance, or how you can defend against the government’s claims to recoup overpayments or liquidated damages. 
Continue Reading Don’t Leave Money on the Table from Your Pandemic-Era Healthcare Procurement Contract