Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.

Subscribe to all posts by Susan B. Cassidy

CISA Information and Communications Technology Supply Chain Risk Management Task Force Releases New Guidance on Security Resiliency

On May 5, 2020 the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management (“SCRM”) Task Force (the “Task Force”) released a six-step guide for organizations to start implementing organizational SCRM practices to improve their overall security resilience.  The Task Force also released a revised … Continue Reading

Can I Recover the Added Costs of Work Caused by COVID-19?

As the fallout from COVID-19 continues, federal contractors in every industry are seeing significant impacts on their ability to perform, ranging from scheduling delays to supply chain interruptions and increased costs of performance.  We previously addressed the rules and regulations governing excusable delays, which permit a contractor to avoid default if a failure to perform … Continue Reading

The Show Must Go On: Mission-Essential Services During the Coronavirus Outbreak

As the COVID-19 virus extends its global reach, defense contractors may be called upon to begin implementing their contracts’ mission-essential services plans. These plans, required by DFARS 252.237-7023, facilitate mission-essential functions in extended crisis situations, including pandemics, which are explicitly noted in the DFARS. As the coronavirus outbreak continues, defense contractors should check whether their … Continue Reading

“Excuse Me, My Performance Has been Interrupted”– How Excusable Delay Provisions in the FAR May Help Federal Contractors Affected by the Coronavirus

The global spread of the COVID-19 virus may put many federal contractors at risk of missing contractual deadlines. In a growing number of cases, supply chains may become cut off, work spaces may be closed, or employees may need to stay home, all of which could impact a contractor’s ability to perform in a timely … Continue Reading

A Closer Look at Version 1.0 of DoD’s Cybersecurity Maturity Model Certification

On January 31, the Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”).  This is the fourth iteration of the CMMC that DoD has publicly released since it issued the first draft in October, and it is intended to be the version that auditors will be trained against, and that … Continue Reading

DoD Announces the Release of CMMC Version 1.0

On Friday January 31, 2020, Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, Kevin Fahey, Assistant Secretary of Defense for Acquisition, and Katie Arrington, the Chief Information Security Officer for the Department of Defense (“DoD”), briefed reporters on the release of the Cybersecurity Maturity Model Certification (“CMMC”) Version 1.0.  We have discussed draft … Continue Reading

DoD Releases Version 0.7 of Its Cybersecurity Maturity Model Certification

On December 13, the Department of Defense (“DoD”) released the latest version of its Cybersecurity Maturity Model Certification (“CMMC”).  This is the third iteration of the draft model that DoD has publicly released since it issued the first draft in October.  (We previously discussed Version 0.4 and Version 0.6 of the CMMC in prior blog … Continue Reading

New FAR Rule Expands Counterfeit Reporting Obligations

Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”).[1]  This Final Rule comes more than five years after the rule was first proposed in … Continue Reading

DoD Releases Version 0.6 of its Cybersecurity Maturity Model Certification

On November 7, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading

CISA Information and Communications Technology Supply Chain Risk Management Task Force Issues New Interim Report

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management Task Force (the “Task Force”) recently released an interim public report.  The report describes the Task Force’s efforts over the last year to develop recommendations for securing the Government’s supply chain, and outlines the potential … Continue Reading

Navy Modifies Acquisition Supplement to Tighten Cybersecurity Requirements and Implement the Geurts Memorandum

Almost a year after Assistant Secretary of the Navy James Geurts issued his September 28, 2018 memorandum (Geurts Memo) imposing enhanced security controls on “critical” Navy programs, the Navy has issued an update to the Navy Marine Corps Acquisition Regulations Supplement (NMCARS) to implement those changes more formally across the Navy.  Pursuant to this update, a new … Continue Reading

DoD Releases Public Draft of Cybersecurity Maturity Model Certification and Seeks Industry Input

On September 4, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment.  The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading

Section 889 Update: First Wave of Acquisition Prohibitions Take Effect

The FAR Council released an Interim Rule in August implementing part of Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019.  In this briefing, we highlight points where the Interim Rule provides clarity; definitional issues that remain unresolved; and new procedural requirements that government contractors should track. The Interim … Continue Reading

DoD Announces the Cybersecurity Maturity Model Certification (CMMC) Initiative

The Department of Defense (“DoD”) recently announced the development of the ”Cybersecurity Maturity Model Certification” (“CMMC”), a framework aimed at assessing and enhancing the cybersecurity posture of the Defense Industrial Base (“DIB”), particularly as it relates to controlled unclassified information (“CUI”) within the supply chain. The Office of the Under Secretary of Defense for Acquisition … Continue Reading

NIST Announces and Seeks Public Comment on 800-171 Update and Related Documents

On June 19, 2019, the National Institute of Standards and Technology (“NIST”) announced the long-awaited update to Special Publication (“SP”) 800-171 Rev. 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, which includes three separate but related documents.… Continue Reading

Senate Armed Services Subcommittee on Cybersecurity Holds Hearing to Discuss the Responsibilities of the Defense Industrial Base

On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (“DOD”) cybersecurity policies and regulations have affected the Defense Industrial Base (“DIB”). To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, Senior Vice President and General … Continue Reading

Keeping Up With DoD Cybersecurity Compliance Demands

(This article was originally published in Law360 and has been modified for this blog.) On Jan. 21, 2019, Ellen Lord, the Under Secretary of Defense for Acquisition and Sustainment, issued a memorandum focused on assessing contractor compliance with the DFARS cyber clause via audits of a Contractor’s purchasing system.[1]  One intent of this guidance is … Continue Reading

When Compliance Is Not Enough: OIG Seeks Voluntary Refund Despite Contractor’s Adherence to “TINA” Requirements

On February 25, 2019, the Office of Inspector General (“OIG”) for the Department of Defense (“DoD”) issued an audit report analyzing the prices of spare aviation parts purchased by the Defense Logistics Agency (“DLA”) and the Army from TransDigm Group, Inc. (“TransDigm”).  The audit was conducted in response to letters from certain Members of Congress, … Continue Reading

DoD Continues to Up the Ante on Cybersecurity Compliance for Contractors

Compliance with the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is only the beginning for contractors that receive controlled defense information (CDI) in performance of Department of Defense (DoD) contracts and subcontracts.  Faced with an evolving cyber threat, DoD contractors have experienced an increased emphasis on protecting DoD’s … Continue Reading

Surviving the Shutdown: Seven Things Contractors Should Consider If a Cost Overrun Is on the Horizon

The U.S. Government shutdown is now the longest in U.S. history and is starting to have serious implications for Government contractors.  One of many key concerns arises when contractors approach their contract funding ceiling — can they continue to work, and what happens if there is a cost overrun?[1] The answers are often complicated for both … Continue Reading

Jumping to Exclusions: New Law Provides Government-Wide Exclusion Authorities to Address Supply Chain Risks

On the eve of the recent government shutdown over border security, Congress and the President were in agreement on a different issue of national security:  mitigating supply chain risk.  On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act (the “SECURE Technology Act”) (P.L. 115-390).  … Continue Reading

DoD Issues Final Guidance for Assessing Contractor Compliance with NIST SP 800-171

The Department of Defense (DoD) recently issued final guidance for requiring activities to assess contractors’ System Security Plans (SSPs) and their implementation of the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.  A draft of this guidance was made available for public comment in April 2018.  As noted in … Continue Reading

“Economic Security Is National Security”: Key Takeaways from the Defense Industrial Base Report

(This article was originally published in Law360 and has been modified for this blog.) Peter Navarro, assistant to the president for trade and manufacturing policy, recently offered in a New York Times op-ed that “[a] strong manufacturing base is critical to both economic prosperity and national defense.” The Trump Administration’s maxim that “economic security is … Continue Reading

2018 DoD Cyber Strategy: The DoD Defends Forward While the DIB Must Defend its Cyber Practices

The Department of Defense (“DoD”) recently released the summary of its cyber strategy for 2018.  The 2018 DoD Cyber Strategy, which replaces the DoD’s 2015 cyber strategy, is focused broadly on “defending forward,” shaping day-to-day competition, and preparing for conflict.  But the strategy includes items that are sure to be of interest to contractors and … Continue Reading
LexBlog