Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.

Subscribe to all posts by Susan B. Cassidy

New FAR Rule Expands Counterfeit Reporting Obligations

Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”).[1]  This Final Rule comes more than five years after the rule was first proposed in … Continue Reading

DoD Releases Version 0.6 of its Cybersecurity Maturity Model Certification

On November 7, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading

CISA Information and Communications Technology Supply Chain Risk Management Task Force Issues New Interim Report

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management Task Force (the “Task Force”) recently released an interim public report.  The report describes the Task Force’s efforts over the last year to develop recommendations for securing the Government’s supply chain, and outlines the potential … Continue Reading

Navy Modifies Acquisition Supplement to Tighten Cybersecurity Requirements and Implement the Geurts Memorandum

Almost a year after Assistant Secretary of the Navy James Geurts issued his September 28, 2018 memorandum (Geurts Memo) imposing enhanced security controls on “critical” Navy programs, the Navy has issued an update to the Navy Marine Corps Acquisition Regulations Supplement (NMCARS) to implement those changes more formally across the Navy.  Pursuant to this update, a new … Continue Reading

DoD Releases Public Draft of Cybersecurity Maturity Model Certification and Seeks Industry Input

On September 4, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment.  The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading

Section 889 Update: First Wave of Acquisition Prohibitions Take Effect

The FAR Council released an Interim Rule in August implementing part of Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019.  In this briefing, we highlight points where the Interim Rule provides clarity; definitional issues that remain unresolved; and new procedural requirements that government contractors should track. The Interim … Continue Reading

DoD Announces the Cybersecurity Maturity Model Certification (CMMC) Initiative

The Department of Defense (“DoD”) recently announced the development of the ”Cybersecurity Maturity Model Certification” (“CMMC”), a framework aimed at assessing and enhancing the cybersecurity posture of the Defense Industrial Base (“DIB”), particularly as it relates to controlled unclassified information (“CUI”) within the supply chain. The Office of the Under Secretary of Defense for Acquisition … Continue Reading

NIST Announces and Seeks Public Comment on 800-171 Update and Related Documents

On June 19, 2019, the National Institute of Standards and Technology (“NIST”) announced the long-awaited update to Special Publication (“SP”) 800-171 Rev. 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, which includes three separate but related documents.… Continue Reading

Senate Armed Services Subcommittee on Cybersecurity Holds Hearing to Discuss the Responsibilities of the Defense Industrial Base

On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (“DOD”) cybersecurity policies and regulations have affected the Defense Industrial Base (“DIB”). To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, Senior Vice President and General … Continue Reading

Keeping Up With DoD Cybersecurity Compliance Demands

(This article was originally published in Law360 and has been modified for this blog.) On Jan. 21, 2019, Ellen Lord, the Under Secretary of Defense for Acquisition and Sustainment, issued a memorandum focused on assessing contractor compliance with the DFARS cyber clause via audits of a Contractor’s purchasing system.[1]  One intent of this guidance is … Continue Reading

When Compliance Is Not Enough: OIG Seeks Voluntary Refund Despite Contractor’s Adherence to “TINA” Requirements

On February 25, 2019, the Office of Inspector General (“OIG”) for the Department of Defense (“DoD”) issued an audit report analyzing the prices of spare aviation parts purchased by the Defense Logistics Agency (“DLA”) and the Army from TransDigm Group, Inc. (“TransDigm”).  The audit was conducted in response to letters from certain Members of Congress, … Continue Reading

DoD Continues to Up the Ante on Cybersecurity Compliance for Contractors

Compliance with the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is only the beginning for contractors that receive controlled defense information (CDI) in performance of Department of Defense (DoD) contracts and subcontracts.  Faced with an evolving cyber threat, DoD contractors have experienced an increased emphasis on protecting DoD’s … Continue Reading

Surviving the Shutdown: Seven Things Contractors Should Consider If a Cost Overrun Is on the Horizon

The U.S. Government shutdown is now the longest in U.S. history and is starting to have serious implications for Government contractors.  One of many key concerns arises when contractors approach their contract funding ceiling — can they continue to work, and what happens if there is a cost overrun?[1] The answers are often complicated for both … Continue Reading

Jumping to Exclusions: New Law Provides Government-Wide Exclusion Authorities to Address Supply Chain Risks

On the eve of the recent government shutdown over border security, Congress and the President were in agreement on a different issue of national security:  mitigating supply chain risk.  On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act (the “SECURE Technology Act”) (P.L. 115-390).  … Continue Reading

DoD Issues Final Guidance for Assessing Contractor Compliance with NIST SP 800-171

The Department of Defense (DoD) recently issued final guidance for requiring activities to assess contractors’ System Security Plans (SSPs) and their implementation of the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.  A draft of this guidance was made available for public comment in April 2018.  As noted in … Continue Reading

“Economic Security Is National Security”: Key Takeaways from the Defense Industrial Base Report

(This article was originally published in Law360 and has been modified for this blog.) Peter Navarro, assistant to the president for trade and manufacturing policy, recently offered in a New York Times op-ed that “[a] strong manufacturing base is critical to both economic prosperity and national defense.” The Trump Administration’s maxim that “economic security is … Continue Reading

2018 DoD Cyber Strategy: The DoD Defends Forward While the DIB Must Defend its Cyber Practices

The Department of Defense (“DoD”) recently released the summary of its cyber strategy for 2018.  The 2018 DoD Cyber Strategy, which replaces the DoD’s 2015 cyber strategy, is focused broadly on “defending forward,” shaping day-to-day competition, and preparing for conflict.  But the strategy includes items that are sure to be of interest to contractors and … Continue Reading

Takeaways From DoD’s Proposed Changes to Commercial Item Contracting

[This article was originally published in Law360 and has been modified for the blog.] Over the summer, pursuant to Section 874 of the FY 2017 National Defense Authorization Act (“NDAA”)[1], the Department of Defense (“DoD”) issued a proposed rule[2] to exclude the application of certain laws and regulations to the acquisition of commercial items, including … Continue Reading

NIST to Host CUI Information Security Workshop

The National Institute of Standards and Technology (NIST), in coordination with the Department of Defense (DoD) and the National Archives and Records Administration (NARA), will host a Workshop providing an overview of Controlled Unclassified Information (CUI) on October 18, 2018. The agenda for the Workshop shows a full day of panels, including those addressing DoD’s “Safeguarding Covered Defense Information … Continue Reading

Covington Artificial Intelligence Update: Department of Defense Establishes Joint Artificial Intelligence Center

In a memorandum issued June 27, 2018, Deputy Secretary of Defense Patrick Shanahan ordered the establishment of the Joint Artificial Intelligence Center (“JAIC”) within DoD.  The JAIC will report to DoD Chief Information Officer (“CIO”) Dana Deasey and has the “overarching goal of accelerating the delivery of AI-enabled capabilities, scaling the Department-wide impact of AI, … Continue Reading

Covington Artificial Intelligence Update: GAO Testimony Before Congress Regarding Emerging Opportunities, Challenges, and Implications for Policy and Research with Artificial Intelligence

Timothy M. Persons, GAO Chief Scientist Applied Research and Methods, recently provided testimony on artificial intelligence (“AI”) before the House of Representatives’ Subcommittees on Research and Technology and Energy, Committee on Science, Space, and Technology.  Specifically, his testimony summarized a prior GAO technological assessment on AI from March 2018.  Persons’ statement addressed three areas:  (1) … Continue Reading

DoD Seeks Streamlined Procurements of Innovative Technologies – Other Transaction Agreements and the Commercial Solutions Opening Pilot Program

The Department of Defense (DoD) has once again emphasized its willingness to engage with commercial companies and other non-traditional contractors to try to expedite and simplify its procurement of innovative technologies. In particular, the Defense Information Systems Agency (DISA) indicated that it plans to enter directly into Other Transaction Authority (OTA) agreements, and DoD issued a … Continue Reading

Senate Armed Services Committee Proposes Expansive but Unclear Software Review Provisions

As the Senate approaches the end of its debate on the National Defense Authorization Act for Fiscal Year 2019, provisions of the bill regarding access to and review of information technology code deserve close attention.  These sections, if enacted, would significantly impact Department of Defense contractors and also would affect matters associated with investments subject … Continue Reading

Congress Aims to Redefine the “Subcontract”

[Updated August 13, 2018] If an agreement qualifies as a “subcontract” under a government contract, then it may be subject to certain flow-down, compliance, and reporting requirements.  These requirements are intended to protect the government’s interests, and have significant ramifications for contractors, e.g., increasing transaction costs, expanding potential areas of exposure.  These compliance obligations and … Continue Reading
LexBlog