On May 16, 2016, the Department of Defense (DoD), General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA) issued a Final Rule to add a new subpart and contract clause (52.204-21) to the Federal Acquisition Regulation (FAR) “for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract information.” See 81 Fed. Reg. 30439 (May 16, 2016).  The Rule imposes a set of fifteen “basic” security controls for contractor information systems upon which “Federal contract information” transits or resides.  The Final Rule does not relieve obligations that a contractor may face for the safeguarding of other government information, including controlled unclassified information or covered defense information. Indeed, the Final Rule is only the first step in a number of interrelated regulatory actions being taken in the cybersecurity area.  Based on its scope, the vast majority of federal contractors will be covered by this Final Rule once they accept the new FAR clause.  Please see our in-depth analysis here

Photo of Susan B. Cassidy Susan B. Cassidy

Susan Cassidy co-chairs Covington’s Aerospace and Defense Industry Group, and has been advising government contractors for more than 35 years on the requirements imposed on companies contracting with the U.S. Government.

Susan’s practice focuses on the intersection of cybersecurity, national security, and supply…

Susan Cassidy co-chairs Covington’s Aerospace and Defense Industry Group, and has been advising government contractors for more than 35 years on the requirements imposed on companies contracting with the U.S. Government.

Susan’s practice focuses on the intersection of cybersecurity, national security, and supply chain risk management for companies that sell products and services to the U.S. Government. Susan advises contractors at all phases of the procurement cycle, and regularly:

advises clients on compliance obligations imposed by the FAR, DFARS, and other agency regulatory requirements;
leads internal and government False Claims Act (FCA) investigations addressing allegations of violations of government cybersecurity, national security, supply chain, quality, and MIL-SPEC requirements; and
advises clients who have suffered a cyber breach where U.S. government information may have been impacted.

In her work with global, national, and start-up contractors, Susan advises companies on all aspects of government supply chain issues including:

Government cybersecurity requirements, including the Cybersecurity Maturity Model Certification (CMMC), DFARS 252.204-7012, FedRAMP, controlled unclassified information (CUI), and NIST SP 800-171 requirements;
Evolving sourcing issues such as Section 889, counterfeit part requirements, Section 5949 semiconductor product and service restrictions, and limitations on sourcing a variety of products from China; and
Federal Acquisition Security Council (FASC) regulations and product exclusions.

 

Susan previously served as senior in-house counsel for two major defense contractors (Northrop Grumman Corporation and Motorola Incorporated) and is Chambers rated in both Government Contracts and Government Contracts Cybersecurity. Chambers USA has quoted sources stating that “Susan’s in-house experience coupled with her deep understanding of the regulatory requirements is the perfect balance to navigate legal and commercial matters.”

Susan is a former Public Contract Law Procurement Division Co-Chair, former Co-Chair and current Vice-Chair of the ABA PCL Cybersecurity, Privacy and Emerging Technology Committee.

Susan’s pro-bono work extends to assisting veterans in a variety of matters, as well as providing advice to elderly clients on their wills and other end-of-life planning documents.

Read more about Susan B. Cassidy
Show more Show less