Disharmony in the Cyber Acquisition Patchwork
Client Alert | 1 min read | 05.07.15
While Executive Order No. 13636 asked for a review of "what steps can be taken to harmonize" existing cyber regulations governing federal acquisitions, a patchwork of more than a dozen different agency regulations – and dozens upon dozens of unpublished cyber policies – impose heavy burdens upon contractors seeking to build cost-effective cybersecurity compliance programs. On May 11, C&M's David Z. Bodenheimer will discuss this analysis and lead a co-sponsored program for the ABA Public Contract Law Section's Cybersecurity, Privacy, and Information Security Committee and the Science & Technology Law Section's Homeland Security Committee on "The Cybersecurity Patchwork of Federal Agency Rules & Unpublished Policies: How Do Contractors Comply?"
Insights
Client Alert | 2 min read | 07.15.26
CMMC Phase II Suspension Requires Reconsideration of Such Requirements in Solicitations
As discussed in more detail here, the U.S. Department of War (DoW) recently issued a memorandum (Memo 26-P-1023, dated July 13, 2026) directing the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements (Level I and II self assessments are still permitted). Significantly, the memo directs that “all pending and future CMMC implementation milestones across DoW solicitations and contracts are held in abeyance until further notice.” Moreover, the DoW issued a memorandum on implementing these requirements (available here), directing agencies to issue amendments removing CMMC Level 2 and 3 requirements from active solicitations “as soon as practicable.” Contractors should monitor the government’s compliance with this requirement and should be prepared, if needed, to file a bid protest to protect their rights.
Client Alert | 3 min read | 07.15.26
Client Alert | 3 min read | 07.14.26
Client Alert | 3 min read | 07.13.26
Amici Rally Behind Liberty Global, Urging Tenth Circuit to Rein in Economic Substance Doctrine
