Over the last few years, the Federal Risk and Authorization Management Program (“FedRAMP”) Program Management Office (“PMO”) has released two draft guidance documents related to defining the applicable boundary for security...
Tags: Cloud Computing, Comment Period, Compliance, Cybersecurity, Data Privacy, Data Security, Draft Guidance, Federal Contractors, New Guidance, Regulatory Requirements, Risk Management
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...
Tags: Artificial Intelligence, Compliance, Critical Infrastructure Sectors, Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Data Protection, Department of Defense (DOD), Enforcement, Federal Acquisition Regulations (FAR), Federal Contractors, National Security, Reporting Requirements, Risk Management
It’s been a hot summer so far but the Federal Risk and Authorization Management Program (“FedRAMP”) is just starting to heat up. In June, FedRAMP (the Federal government’s program for security authorizations for cloud solutions) released...
On March 28, 2024, the Office of Management and Budget (“OMB”) issued Memorandum M-24-10, Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (the “Memo”). This is the final version...
Tags: Artificial Intelligence, Data Privacy, Data Security, Policy Memorandums, Regulatory Agencies, Regulatory Agenda, Request For Information, Risk Assessment, Risk Management
In January 2022, we warned software companies selling indirectly against attempting to enforce the terms of their End User License Agreement (“EULA”) directly against the Federal Government based on the decision of the...
On January 26, 2024, the Federal Risk and Authorization Management Program (“FedRAMP”) published a draft Emerging Technology Prioritization Framework developed in response to President Biden’s Executive Order 14110 on Safe,...
In a previous article, we analyzed what made protests successful at the Government Accountability Office (“GAO”) in Fiscal Year 2023 (“FY23”). Now, we want to share some insights we gained while conducting the same analysis...
To kick off the New Year, Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2023 Recap (including links to all of the resources the team has put out over the...
Tags: Cloud Computing, Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Data Protection, Data Rights, Data Security, Department of Defense (DOD), Enforcement Actions, Federal Contractors, Fraud, Privacy Laws
Since the beginning of Fiscal Year 2024, the Government Accountability Office has published 35 decisions, only two of which resulted in decisions sustaining the challenge. As contracting activities are busy awarding new...
Ever wonder what it takes to win a protest?
With GAO’s statistics for Fiscal Year 2023 (“FY 23”) just released, we thought now is the perfect time to share some insights we gained by reading every published decision in...
On October 27, 2023, the Office of Management and Budget (“OMB”) released a draft memorandum for public comment regarding Modernizing the Federal Risk and Authorization Management Program (“FedRAMP”) (the “Draft Memo”). The...
Welcome back to the Cost Corner, where we provide practical insight into the complex cost and pricing requirements that apply to Government contractors. The March 2023 Cost Corner introduced the three principal categories of...
While you were asking ChatGPT to create a 3-course menu for the upcoming book club you’re hosting or to explain the Rule Against Perpetuities, several federal government agencies announced initiatives related to the use of...
Tags: Artificial Intelligence, Automated Systems, Bots, Consumer Financial Protection Bureau (CFPB), Copyright, Department of Justice (DOJ), Equal Employment Opportunity Commission (EEOC), Federal Trade Commission (FTC), Infringement, Machine Learning, Open Source Software, Patents, Rule Against Perpetuities, Technology Sector
The Federal Risk and Authorization Management Program (FedRAMP) Program Management Office recently released a revised version of its Obligations and Compliance Standards document for third party assessors – the organizations...
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October...
You might be wondering, “What’s so important about Organizational Conflicts of Interest (“OCIs”)?” The answer is fairly simple: understanding both what causes OCIs and how to mitigate them is critical because unmitigated...
Software companies selling indirectly to the Federal Government finally received an answer to a question that has lingered for years – can a software company going to market through a reseller bring a direct claim under the...
Federal contractors and subcontractors across the country were forced to rethink their COVID-safety efforts when, on December 7, the U.S. District Court for the Southern District of Georgia enjoined enforcement of Executive...
Tags: Biden Administration, Constitutional Challenges, Coronavirus/COVID-19, Employees, Employer Liability Issues, Employer Mandates, Executive Orders, Federal Contractors, Federal Employees, Injunctions, Masks, Multidistrict Litigation, Social Distancing, State and Local Government, Stays, Subcontractors, Vaccinations, Virus Testing
The National Institute of Standards and Technology (“NIST”) is seeking comments on its second draft of NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on October...
Tags: Biden Administration, Cybersecurity, Data Security, Executive Orders, Federal Contractors, Government Agencies, Information Technology, Risk Management, Software, Supply Chain
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-160, Volume 2, Revision 1, “Developing Cyber-Resilient Systems: A Systems Security Engineering Approach,” and draft NIST...
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13,...
The National Institute of Standards and Technology (“NIST”) is seeking comments on its draft NIST SP 800-161 Rev. 1, “Cyber Supply Chain Risk Management Practices for Systems and Organizations,” published on April 29, 2021....
Tags: Biden Administration, Critical Infrastructure Sectors, Cybersecurity, Cybersecurity Information Sharing Act (CISA), Executive Orders, Information Technology, Popular, Software, Supply Chain
On January 1, 2021, Congress overrode President Trump’s veto of the Fiscal Year (“FY”) 2021 National Defense Authorization Act (“NDAA”) (the “Act”), Pub. L. No. 116-283. The $740 billion defense bill establishes funding...
As companies continue to review the CARES Act to determine what assistance may be available to them, we have prepared a user-friendly checklist to assist them in getting a quick sense of what works for them...