This is the twenty-fourth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through March 2023. This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during April 2023.
Final FAR Climate Disclosure Rule Likely to Impose Increased Compliance Burden and Responsibility Risks
Summary
The Department of Defense, General Services Administration, and the National Aeronautics and Space Administration have issued a proposed rule that would revise the Federal Acquisition Regulations (“FAR”) to implement section 5(b)(i) of Executive Order (“E.O.”) 14030, Climate-Related Financial Risk, requiring government contractors to publicly disclose greenhouse gas (“GHG”) emissions and climate-related financial risk and
March 2023 Developments Under President Biden’s Cybersecurity Executive Order
This is the twenty-third in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through February 2023. This blog describes key actions taken to implement the Cyber EO during March 2023.
Continue Reading March 2023 Developments Under President Biden’s Cybersecurity Executive Order
Amici Curiae Submit Brief Urging Supreme Court to Adopt “Objectively Reasonable” FCA Knowledge Standard
The Coalition for Government Procurement and the National Defense Industrial Association filed an amicus brief in the consolidated Supreme Court cases United States ex rel. Schutte v. SuperValu, Inc. and United States ex rel. Proctor v. Safeway, Inc. The brief urges the Court to hold, consistent with the decisions of multiple federal courts of appeals, that a defendant cannot be liable under the False Claims Act (“FCA”) for “knowingly” submitting a “false” claim if (1) it acted in accordance with an objectively reasonable reading of an ambiguous statute, regulation, or contract provision and (2) there was no authoritative guidance warning it away from that interpretation. The Amici are represented by Covington & Burling LLP.
In SuperValu and Safeway, the Court is asked to resolve questions over the role that subjective intent plays in evaluating whether a defendant satisfies the FCA’s “knowledge” requirement. Petitioners argue that a contractor can be liable under the FCA for submitting a claim that is premised on an objectively reasonable interpretation of an ambiguous legal provision if the contractor recognized that the provision could be interpreted a different way. However, as the amicus brief explains, such a claim cannot be false for alleged noncompliance with the ambiguous legal provision that has not otherwise been clarified by authoritative guidance. Nor can such a contractor knowingly submit a false claim just because it was aware that the legal obligation may be interpreted differently.
February 2023 Developments Under President Biden’s Cybersecurity Executive Order
This is the twenty-second in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through January 2023. This blog describes key actions taken to implement the Cyber EO during February 2023.
Continue Reading February 2023 Developments Under President Biden’s Cybersecurity Executive Order
January 2023 Developments Under President Biden’s Cybersecurity Executive Order
This is the twenty-first in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through December 2022. This blog describes key actions taken to implement the Cyber EO during January 2023.
Continue Reading January 2023 Developments Under President Biden’s Cybersecurity Executive Order
December 2022 Developments Under President Biden’s Cybersecurity Executive Order
This is the twentieth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blogsummarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through November 2022. This blog describes key actions taken to implement the Cyber EO during December 2022.
Continue Reading December 2022 Developments Under President Biden’s Cybersecurity Executive Order
FY2023 NDAA Makes Notable Changes to FedRAMP Program
On December 23, 2022, President Biden signed the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (the “FY2023 NDAA”) into law. As described in Covington’s Client Alert, FY23 NDAA: Provisions of Interest for Almost All Government Contractors, the FY23 NDAA contains provisions of interest for almost all U.S. Government contractors. One provision likely to be of particular interest to U.S. contractors who provide or plan to provide cloud computing services to the U.S. Government is the FedRAMP Authorization Act (the “Act”), which codifies the Federal Risk and Authorization Management Program (“FedRAMP”).
Of note, the Act creates a “presumption of adequacy” that cloud providers with authorization from one agency can use that authorization with other agencies. This is an expansion compared to the current process which allows authorizations by the FedRAMP Joint Authorization Board, but not authorizations from individual agencies, to serve as the basis for an agency’s own authorization process. It also creates the Federal Secure Cloud Advisory Committee, comprised of 15 members of the public and private sector, to provide recommendations regarding FedRAMP and the acquisition of cloud services more generally.
Continue Reading FY2023 NDAA Makes Notable Changes to FedRAMP Program
November 2022 Developments Under President Biden’s Cybersecurity Executive Order
This is the nineteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to
October 2022 Developments Under President Biden’s Cybersecurity Executive Order
This is the eighteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to