Insights

On May 12, 2025, the Defense Counterintelligence and Security Agency (DCSA) released a new SF-328[1] consisting of 9 questions and 6 pages of instructions that detail the types of supporting documentation requested and identify information required by different responding entities (e.g., corporate, non-profit, academic, etc.). With this SF-328, DCSA is seeking certain frequently requested information and documents with initial SF-328 submissions rather than obtaining these documents through communications or revised SF-328 submissions. Additionally, when completed, the new SF-328 is considered Controlled Unclassified Information (CUI).

On May 7, 2025, the Defense Counterintelligence and Security Agency (DCSA or the “Agency”) announced the approval[1] of a revised and expanded Standard Form (SF) 328, Certificate Pertaining to Foreign Interests. Contractors and subcontractors engaged in work involving classified information use the SF-328 for disclosures relating to foreign ownership, control, or influence—and the form will soon be required for contractors and subcontractors in the unclassified space for certain covered contracts. Publication of the updated form has not yet occurred but is expected as soon as this weekend (May 10-11). New SF-328 forms will be required for initial and changed condition packages initiated on or after May 12 according to a National Industrial Security System (NISS) communication today.

On May 2, 2025, the Office of Federal Procurement Policy (“OFPP”) and the Federal Acquisition Regulatory Council (“FAR Council”) issued the first round of promised FAR rewrites—to Parts 1, 34, and 52—alongside a guidance memorandum for agencies subject to the FAR, Deviation Guidance to Support the Overhaul of the Federal Acquisition Regulation (“FAR Council Deviation Guidance”). The Office of Management and Budget also released a guidance memo, Overhauling the Federal Acquisition Regulation (“OMB Guidance”), that addresses the proposed implementation roadmap for the FAR overhaul. These initial FAR revisions follow the April 15, 2025 Executive Order (“EO”), Restoring Common Sense to Federal Procurement, which we previously reported on here.

On September 24, 2024, the Office of Management and Budget (OMB) released Memorandum M-24-18, Advancing the Responsible Acquisition of Artificial Intelligence in Government (Memo).  The 36-page Memo builds on OMB’s March 2024 guidance governing federal agencies’ use of AI, Memorandum M-24-10, which we reported on here.  The Memo addresses requirements and guidance for agencies acquiring AI systems and services, focusing on three strategic goals: (i) ensuring collaboration across the federal government; (ii) managing AI risks and performance; and (iii) promoting a competitive AI market.

Recently, there has been a significant increase in scams targeting users of the System for Award Management (SAM.gov).  Active SAM registrations are required for federal government contractors, including to receive contracts and payments.  The non-public portions of these registrations include bank account information, tax information, and other sensitive information about a company.  Recent phishing scams and efforts to gain access to registrations indicate sophisticated actors are attempting to manipulate SAM registrations, possibly for access to payments from the government, among other reasons.  Company SAM registration Administrators should protect the company’s SAM registration from unauthorized access to the greatest extent possible.

As Crowell covered in a recent alert, the Department of Defense (DoD) on October 11, 2024 released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC).

On October 4, 2023, Deputy Attorney General (DAG) Lisa O. Monaco announced the Department of Justice’s (DOJ) new safe harbor policy for voluntary self-disclosures made in connection with mergers and acquisitions (Safe Harbor Policy).  Following other announcements from DOJ over the past two years aimed at encouraging voluntary self-disclosures, the Safe Harbor Policy was adopted because DOJ does not want to “discourage companies with effective compliance programs from lawfully acquiring companies with ineffective compliance programs.”  Through this new policy, DOJ is aiming to incentivize acquirers to timely disclose misconduct discovered during the M&A process (including pre-closing diligence and post-closing integration).

On August 23, 2023, the Office of Management and Budget (OMB) released its final rule and notification of final guidance addressing implementation of the Build America, Buy America Act (BABA) provisions enacted with the Infrastructure Investment and Jobs Act (IIJA), which requires the use of domestic iron, steel, manufactured products, and construction materials in infrastructure projects supported with federal financial assistance.  The final rule goes into effect October 23, 2023, and applies to federal awards for infrastructure projects awarded after November 15, 2021.  We previously reported on OMB’s February 9, 2023 proposed guidance here.

On June 29, 2023, the Government Accountability Office (GAO) released its second report[1] on Department of Defense (DoD) artificial intelligence (AI) acquisition efforts.  This latest report examines the DoD’s lack of formal AI acquisition guidance and identifies key principles from the private sector that can be applied to the DoD’s AI acquisition efforts. 

Federal contractors must be registered on SAM.gov to be eligible for award of federal contracts.  Failure to do so can have significant consequences, as the recent U.S. Court of Federal Claims (CFC) decision in Myriddian, LLC v. United States, No. 23-443 makes clear. 

As previewed in President Biden’s State of the Union Address, the Office of Management and Budget (OMB) issued a proposed rule and notification of proposed guidance on February 9, 2023 to improve uniformity and consistency in the implementation of Build America, Buy America (BABA) requirements applicable to federally funded infrastructure projects pursuant to the Infrastructure Investment and Jobs Act (IIJA).

On September 30, 2022, President Biden signed the SBIR and STTR Extension Act of 2022 (the Act), reauthorizing the Small Business Innovation Research (SBIR), Small Business Technology Transfer (STTR), and six pilot programs for three years, until September 30, 2025.  The Act includes new due diligence and reporting requirements, award restrictions, and clawback provisions related to national security risks—particularly regarding firms with ties to China, Russia, North Korea, and Iran—and increased minimum performance standards for multiple SBIR/STTR award winners.  The passage and signing of the Act averted a potential lapse of these programs, which were set to expire the day of the reauthorization.

As Congress considers legislation prohibiting government contractors from doing business in Russia, over 20 states have already acted. In this alert, we highlight: (i) how different states are defining Russian business operations, and the corresponding risks to differently situated government contractors; and (ii) unique aspects of certain state actions that contractors need to be aware of as they develop their compliance strategy.

As we covered in a prior alert, the recently introduced Federal Contracting for Peace and Security Act (H.R. 7185) could have a profound impact on government contractors. The Act would require termination of existing contracts and prohibit awards, extensions, and renewals of prime contracts and subcontracts with companies doing business in the Russian Federation during its ongoing war of aggression against Ukraine.

As discussed in our previous alert on the Federal Contracting for Peace and Security Act, many state governors and legislatures have issued or are contemplating actions to limit state contracts with companies doing business in Russia.  A growing number of states have already passed legislation that codifies Russia-related prohibitions.  These fast-moving developments could significantly impact government contractors’ operations.   

Thus far, the Russia-Ukraine war’s primary impacts on Government Contractors have largely been in the export control and sanctions arenas.  However, that could change dramatically under new federal and state proposals.  

During December 2021, the House and Senate reached agreement on a compromise National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2022.  On December 23, 2021, Congress presented S. 1605 to President Biden, which he signed on December 27, 2021. 

On March 29, 2021, the Securities and Exchange Commission’s Division of Examinations published a Risk Alert titled “Compliance Issues Related to Suspicious Activity Monitoring and Reporting at Broker-Dealers.”  The Alert identifies recurring issues that the Division has identified with the anti-money laundering (“AML”) programs of broker-dealers, particularly as these relate to the filing of suspicious activity reports (“SARs”).  It builds on similar issues that the SEC litigated and prevailed on in SEC v. Alpine Securities Corporation in the Second Circuit Court of Appeals, and is consistent with the fact that the SEC has identified AML program compliance as an examination priority in 2021, the fourth consecutive year it has done so.

On April 5, 2021, the Financial Crimes Enforcement Network (FinCEN) published an Advance Notice of Proposed Rulemaking (ANPRM) in the Federal Register seeking public comment on 48 questions with respect to the implementation of the beneficial ownership reporting requirements in the Corporate Transparency Act (CTA) and the implementation of the related database maintenance use and disclosure provisions.  The deadline for comment is May 5, 2021.