Blank Rome Welcomes Nicole Islinger as Partner in Washington, D.C., Strengthening Corporate Practice and Aerospace, Defense & Government Services Industry Team

Blank Rome LLP is pleased to announce that Nicole Islinger has joined the firm’s Washington, D.C., office as a partner in the Corporate, M&A, and Securities group and as a member of the Aerospace, Defense & Government Services (“ADG”) and Technology industry teams. She brings deep transactional experience centered on mergers and acquisitions (“M&A”), with substantial experience in government contracting, technology, and private equity. Nicole, who began her career as an associate at Blank Rome, rejoins the firm from Pillsbury Winthrop Shaw Pittman LLP.

“We are excited to welcome Nicole to our Washington, D.C., office and our national corporate practice,” said Grant S. Palmer, Blank Rome’s Chair and Managing Partner. “Her deep experience in government contracts M&A and her practical insight into the federal marketplace and procurement landscape will bring meaningful advantages to clients pursuing growth in the aerospace, defense, and government services sector. Nicole’s ability to help companies navigate the unique demands of federal acquisitions makes her a valuable addition to our national corporate team.”

Nicole is an experienced M&A attorney with a strong track record guiding companies through complex transactions in the government contracting and technology sectors. She has deep experience advising small business government contractors on founder-led, sell-side M&A, as well as buyers and sellers navigating the unique regulatory and commercial considerations of the federal marketplace. Her practice also extends to helping international companies enter and operate in the U.S. government contracting space, where she regularly advises on market entry strategies and related international trade considerations.

Read the full press release on our website.

GSA Issues New Framework for Protecting CUI in Contractor Systems

Michael Joseph Montalbano ●

Last month the General Services Administration’s (“GSA”) Office of the Chief Information Security Officer (“OCISO”) issued CIO-IT Security-21-112 Rev. 1, a procedural guide governing how Controlled Unclassified Information (“CUI”) must be protected when it resides in nonfederal contractor systems. Although styled as internal process guidance rather than a regulation, the document establishes a detailed approval framework that will determine which contractors are eligible for GSA contracts that include CUI.

Background and Scope

The guide, which implements GSA’s approach to safeguarding CUI, uses National Institute of Standards and Technology (“NIST”) SP 800-171, Revision 3, selected enhanced requirements from NIST SP 800-172, and selected privacy controls from NIST SP 800-53, Revision 5. It applies where CUI is resident in a contractor system that is not operated on behalf of the federal government, and therefore is not subject to the Federal Information Security Modernization Act or the Federal Risk and Authorization Management Program (“FedRAMP”). Use of this process requires coordination with OCISO and approval by the GSA Chief Information Security Officer. GSA intends to eventually incorporate these requirements into applicable contracts and solicitations.

Continue reading “GSA Issues New Framework for Protecting CUI in Contractor Systems”

DOJ Announces Record-Breaking False Claims Act Recoveries in FY 2025: What the Stats Portend for 2026

Jennifer A. Short and Oliver E. Jury ●

Jennifer A. Short headshot image

Fiscal Year (“FY”) 2025 yielded a historic high of over $6.8 billion in False Claims Act (“FCA”) settlements and judgments, underscoring the Department of Justice’s (“DOJ”) aggressive enforcement. DOJ’s annual report, released January 16, 2026, showed that healthcare fraud matters again dominated the lion’s share of the moneys recovered, accounting for more than $5.7 billion, and reaffirming the sector’s centrality to FCA priorities. Qui tam lawsuits also retained an outsized influence, representing approximately $5.3 billion in recoveries for both intervened ($3.0 billion) and declined ($2.3 billion) cases. On the flip side, that means the government recovered some $1.5 billion without the aid of an underlying whistleblower complaint. The pipeline of new cases looks robust moving forward: whistleblowers filed a record 1,297 new qui tam suits, and DOJ opened 401 new investigations.

Continue reading “DOJ Announces Record-Breaking False Claims Act Recoveries in FY 2025: What the Stats Portend for 2026”

Prioritizing the Warfighter in Defense Contracting—What Does the New EO Mean for Contractors?

Scott Arnold 

President Trump issued an Executive Order (“EO”) on January 7, 2025, that seeks improved performance of defense contracts and enhanced contractor investments in production capacity through measures that would impose limits on executive compensation when contractor performance or investment levels are deemed inadequate. The EO, Prioritizing the Warfighter in Defense Contracting, appears predicated on the belief that “after years of misplaced priorities, traditional defense contractors have been incentivized to prioritize investor returns over the Nations’s warfighters.” To address this, the EO states that “[m]ajor defense contractors will no longer conduct stock buy-backs or issue dividends at the expense of accelerated procurement and increased production capacity.” While the desire to improve defense contract performance is understandable, the attempt to do so through regulation of executive compensation is unprecedented.

What Does the EO Require?

The EO sets forth two key mechanisms through which the new priorities will be implemented.

Continue reading “Prioritizing the Warfighter in Defense Contracting—What Does the New EO Mean for Contractors?”

Preliminary Takeaways as DoD Seeks to Redesign the Defense Acquisition System for Wartime Speed

Oliver E. Jury ●

During a speech before key players in the defense industrial base on Friday, November 7, Secretary Hegseth announced plans for a sweeping transformation of the Defense Acquisition System, redesignating it as the Warfighting Acquisition System (“WAS”) and elevating speed-to-field as the organizing principle. The reforms would concentrate authority, expand competition and modularity, adopt commercial-first pathways, modernize contracting and training, and streamline oversight—all aimed at accelerating capability delivery and scaling industrial capacity for surge. While much will depend on how these announced changes are implemented, in this post we highlight key aspects of the changes and identify potential impacts to monitor. Secretary Hegseth’s full recorded remarks are available on C-SPAN’s website.

Redesignation and Organizing Principle

Acquisition is to be treated as a warfighting function, with every process required to justify its value to timely capability delivery. The WAS will reframe success around time-to-capability rather than exhaustive specification compliance.

Potential impact: Companies should expect solicitations and evaluations to prioritize schedule credibility and operational outcomes, reshaping win strategies toward demonstrable speed and adaptability.

Continue reading “Preliminary Takeaways as DoD Seeks to Redesign the Defense Acquisition System for Wartime Speed”

BIS Rescinds 2024 Firearms Export Controls, Reduces Regulatory Burdens on U.S. Firearms Industry

Anthony Rapa and Patrick F. Collins ●

The U.S. Department of Commerce’s Bureau of Industry and Security (“BIS”) issued a final rule on September 30, 2025, rescinding the 2024 interim final rule (“Firearms IFR”) under the Export Administration Regulations (“EAR”) that had imposed new export license requirements and restrictions on firearms, ammunition, and related items. The new rule restores export controls for these items to their pre-May 2024 status, with the exception of maintaining certain new Export Control Classification Numbers (“ECCNs”). The action is intended to reduce regulatory burdens on U.S. firearms exporters while maintaining appropriate controls to protect national security and foreign policy interests.

Background

BIS issued the Firearms IFR on April 30, 2024, tightening controls on commercial firearms, ammunition, and related items under the EAR. It created four new ECCNs for semi-automatic rifles, pistols, shotguns, and certain parts (0A506-0A509) on the Commerce Control List (“CCL”). It also applied broad crime-control licensing worldwide, shortened license validity to one year, curtailed certain license exceptions, and adopted presumptions of denial for non-government end users in 36 high-risk destinations.

The Firearms IFR followed a 2023 licensing pause and policy review that identified significant diversion and misuse of U.S.-origin guns abroad. BIS used the Firearms IFR to act swiftly while soliciting public comment on further refinements.

Continue reading “BIS Rescinds 2024 Firearms Export Controls, Reduces Regulatory Burdens on U.S. Firearms Industry”

E‑Verify, FAR 52.222‑54, and Renewed FCA Risk: What Contractors Need to Know

Jennifer A. Short, and Oliver E. Jury ●

Jennifer A. Short headshot image

The current administration’s focus on immigration played out in a recent False Claims Act (“FCA”) matter in which a federal contractor was alleged to have billed for unauthorized workers in violation of FAR 52.222‑54 (Employment Eligibility Verification, “E-Verify”).

On September 18, 2025, the Department of Justice (“DOJ”) announced that Bayonne Drydock and Repair Corporation (“Bayonne”) agreed to pay $4,043,810.56 to resolve allegations that unauthorized workers worked on Bayonne’s Navy contracts over multiple years.

According to DOJ’s press release, in 2016, the Department of Homeland Security (“DHS”) sent a “Notice of Suspect Documents” to a subcontractor controlled by Bayonne’s Risk Manager, questioning the work authorization of certain subcontractor employees. While the Risk Manager terminated the unauthorized employees, she re-hired some of them through another subcontractor that she controlled. Bayonne’s settlement agreement with DOJ asserts that between 2016 and 2020, Bayonne billed the government for the work of approximately 52 unauthorized employees working for entities owned or controlled by Bayonne’s Risk Manager. The settlement agreement also confirmed that the Risk Manager pled guilty to criminal charges stemming from her role with Bayonne and its subcontractors.

Continue reading “E‑Verify, FAR 52.222‑54, and Renewed FCA Risk: What Contractors Need to Know”

U.S. Department of State Eases Military Drone Export Review Policy

Anthony Rapa and Patrick F. Collins ●

The U.S. Department of State (“State”) announced an update to its miliary drone export review policy on September 15, 2025, pursuant to which advanced unmanned aerial systems (“UAS”) will be subject to an export control policy similar to that of crewed aircraft, rather than more restrictive review applicable to missiles. Key takeaways include:

1. Policy Shift: Drones Reviewed Like Fighter Jets, Not Missiles

State announced that pursuant to the policy change, it will consider requests to export UAS similarly to how it reviews requests to export crewed fighter aircraft, rather than as missile systems. This marks a departure from the longstanding application of the Missile Technology Control Regime (“MTCR”) to exports of certain UAS, which imposed a strong presumption against the transfer of large, weaponizable drones due to their range and payload capabilities and provided for rigorous review of other UAS transfers.

Continue reading “U.S. Department of State Eases Military Drone Export Review Policy”

Where Grant Litigation Stands After the Supreme Court’s Jurisdictional Ruling in NIH

Dominique L. Casimir

The Supreme Court issued a fractured, 4-1-4 ruling on its emergency docket in National Institutes of Health v. American Public Health Association, No. 25A103, 606 U.S. ____ (2025) (per curiam) (“NIH”) on August 21, 2025.

The Court’s ruling left behind a complex legal landscape, because four justices wrote that a district court has jurisdiction to hear both a challenge to agency guidance alleged to be arbitrary and capricious, and challenges to grant terminations based on that guidance. Four other justices wrote that the entire case (i.e., both the challenge to the agency guidance and the challenge to grant terminations based on that guidance) belongs in the Court of Federal Claims. In the end, the outcome was controlled by a single justice (Justice Barrett), who decided the jurisdictional issue in a manner inconsistent with the views of eight justices. In her controlling concurrence, Justice Barrett ruled that a district court has jurisdiction to hear a challenge to agency guidance, but lacks jurisdiction to hear challenges to grant terminations based on that guidance because grant termination challenges are subject to the Tucker Act and therefore belong in the Court of Federal Claims.

Two lower opinions handed down since NIH show lower courts falling in line with Justice Barrett’s ruling in NIH:

Continue reading “Where Grant Litigation Stands After the Supreme Court’s Jurisdictional Ruling in NIH”

This Is Not a Drill: Department of Defense Issues Long-Awaited Final CMMC DFARS Rule

Michael Joseph Montalbano ●

After years of drafts and interim measures, the Department of Defense (“DOD”) has issued the final Defense Federal Acquisition Regulation Supplement (“DFARS”) rule implementing the Cybersecurity Maturity Model Certification (“CMMC”) program. This long-awaited development cements CMMC as a contractual requirement and clarifies key aspects of the rule’s certification, compliance, and oversight requirements.

How Will CMMC Work?

Under the final rule, every solicitation where a contractor may store, process, or transmit Federal Contract Information (“FCI”) or controlled unclassified information (“CUI”) will be assigned a CMMC level. Solicitations involving just FCI will have a CMMC Level 1 requirement. Solicitations involving non-Defense CUI will have a CUI Level 2 Self-Attestation requirement. Solicitations involving Defense CUI will have a CUI Level 2 third-party certification (i.e., C3PAO) requirement. Solicitations involving particularly sensitive DOD programs will have a Level 3 requirement. Level 3 requires an assessment by the Defense Industrial Base Cybersecurity Assessment Center (“DIBCAC”).

Continue reading “This Is Not a Drill: Department of Defense Issues Long-Awaited Final CMMC DFARS Rule”