Photo of Susan B. Cassidy

Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.

On June 21, 2023, DHS published a final rule that amends the Homeland Security Acquisition Regulation (HSAR) both by modifying the existing regulations through removing and updating existing clauses and by adding new contract clauses to include certain requirements for the safeguarding of Controlled Unclassified Information (CUI).  The final rule, first released in proposed form

This is the twenty-fifth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through April 2023.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during May 2023. Continue Reading May 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

This is the twenty-fourth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through March 2023.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during April 2023. Continue Reading April 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

This is the twenty-third in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through February 2023.  This blog describes key actions taken to implement the Cyber EO during March 2023.Continue Reading March 2023 Developments Under President Biden’s Cybersecurity Executive Order

This is the twenty-second in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through January 2023.  This blog describes key actions taken to implement the Cyber EO during February 2023.Continue Reading February 2023 Developments Under President Biden’s Cybersecurity Executive Order

The United States National Cybersecurity Strategy, released on March 2, 2023, is poised to place significant responsibility for cybersecurity on federal contractors, technology companies, and critical infrastructure owners and operators.  The Strategy articulates a series of objectives and recommended executive and legislative actions that, if implemented, would increase the cybersecurity responsibilities and requirements of

This is the twenty-first in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through December 2022.  This blog describes key actions taken to implement the Cyber EO during January 2023.Continue Reading January 2023 Developments Under President Biden’s Cybersecurity Executive Order

This is the twentieth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blogsummarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through November 2022.  This blog describes key actions taken to implement the Cyber EO during December 2022.Continue Reading December 2022 Developments Under President Biden’s Cybersecurity Executive Order

On December 23, 2022, President Biden signed the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (the “FY2023 NDAA”) into law.  As described in Covington’s Client Alert, FY23 NDAA: Provisions of Interest for Almost All Government Contractors, the FY23 NDAA contains provisions of interest for almost all U.S. Government contractors.  One provision likely to be of particular interest to U.S. contractors who provide or plan to provide cloud computing services to the U.S. Government is the FedRAMP Authorization Act (the “Act”), which codifies the Federal Risk and Authorization Management Program (“FedRAMP”).

Of note, the Act creates a “presumption of adequacy” that cloud providers with authorization from one agency can use that authorization with other agencies. This is an expansion compared to the current process which allows authorizations by the FedRAMP Joint Authorization Board, but not authorizations from individual agencies, to serve as the basis for an agency’s own authorization process.  It also creates the Federal Secure Cloud Advisory Committee, comprised of 15 members of the public and private sector, to provide recommendations regarding FedRAMP and the acquisition of cloud services more generally.Continue Reading FY2023 NDAA Makes Notable Changes to FedRAMP Program

On December 23, 2022, President Biden signed the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 into law.  The Act contains two significant prohibitions regarding the procurement and use of semiconductor products and services from specific Chinese companies and other foreign countries of concern that will come into effect in December 2027. Continue Reading NDAA Prohibits Government Purchase and Use of Certain Semiconductors