Search PillsburyLaw.com
  • All
  • Lawyers
  • Capabilities
  • Insights

Service

Cyber Compliance in Government Contracts

Contact

Meghan D. Doherty
Partner, Northern Virginia
T: +1.703.770.7519
See All Professionals

Areas of Focus

Our experienced government contracts lawyers are members of Pillsbury’s national Cybersecurity, Data Protection and Privacy practice that The Legal 500 U.S. ranked as an industry leader in 2018 – 2021.

We offer unique insight and guidance in connection with critical security, data protection and privacy law issues. Our team focuses on assisting government contractors and their supply chain in complying with all aspects of the cybersecurity regulations incorporated in Department of Defense (DoD) Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.

Government contractors face new challenges as the federal government evolves its business practices to require cybersecurity throughout the supply chain. Contractors now must ensure that both their own systems and those of their suppliers comport with National Institute of Standards and Technology (NIST) requirements, including NIST 800-171 (“Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”). In fact, DoD intends to make cybersecurity compliance a requirement for companies performing DoD contracts or subcontracts. As part of this effort, DoD is in the process of rolling out the Cybersecurity Maturity Model (CMMC) framework. Under this framework, nearly all DoD contractors, subcontractors and suppliers at every level will be required to certify their compliance with certain cybersecurity standards before receiving new DoD contracts. A failure to plan accordingly thus may prevent unprepared contractors from receiving contract awards. In addition, the Federal Risk and Authorization Management Program (FedRAMP) requires that federal contractors providing cloud computing services to the U.S. government demonstrate compliance with cybersecurity requirements at the appropriate risk level. FedRAMP has established processes for achieving a FedRAMP authorization, which is required to provide cloud services to federal agencies.

View More

Pillsbury has counseled large prime contractors and small businesses on the nuances of this burgeoning area of law. Our team assists contractors in drafting access requirements and subcontractor flow downs, which now include the requirement to identify and limit the dissemination of Controlled Unclassified Information (CUI). We have assisted clients with privileged compliance audits, investigations and incident reporting. Also, in conjunction with our government contracts Financial Issues team, we evaluate contractor cost recovery options under various contracting types to determine whether contractors are entitled to be reimbursed for the implementation of these new requirements.

Representative Experience

  • Assisted a large telecommunications company in its preparation for CMMC.
  • Counseled a large defense contractor on mitigating supply chain risks related to its handling and storage of CUI.
  • Counseled a large prime contractor on its crisis response and reporting requirements after it suffered a ransomware attack.

View More

  • Counseled a large public utility on its DFARS 252.204-7012 compliance and reporting requirements.
  • Counseled a design/build contractor on amending subcontractor terms and conditions to comply with cybersecurity requirements.

Resources

2022 Law360 Practice Group of the Year

Pillsbury's Government Contracts team named Practice Group of the Year by Law360

Related Insights

View More
View All