CMMC 2.0 Brings Much Needed Relief to the Defense Industrial Base

Michael J. Montalbano

In response to more than 850 public comments, the Department of Defense (“DOD”) has decided to significantly revamp the Cybersecurity Maturity Model Certification (“CMMC”) program. On November 4, 2021, DOD announced that it was replacing the current CMMC program with CMMC 2.0, which is expected to significantly reduce the regulatory burden on companies in the Defense Industrial Base (“DIB”). DOD made three significant changes through the new CMMC 2.0 program:

Reduces the number of CMMC levels. As we explained in earlier posts, CMMC 1.0 originally had five CMMC levels of ascending sophistication. CMMC 2.0 now only has three levels:

      • CMMC 2.0 Level One: This level will apply to most DIB companies and requires compliance with 17 basic cyber hygiene practices.
      • CMMC 2.0 Level Two: This level applies to DIB companies who will receive controlled unclassified information (“CUI”) and is expected to align with the requirements under NIST SP 800-171. Notably, DOD already requires most DIB companies receiving CUI to comply with NIST SP 800-171 through the cybersecurity DFARS clause 252.204-7012.
      • CMMC 2.0 Level Three: DOD is still developing the requirements for this level, but we expect that this level will apply to only the most sensitive and high-risk DOD projects.
Continue reading “CMMC 2.0 Brings Much Needed Relief to the Defense Industrial Base”

New Government Guidance Sets January 4, 2022, as Uniform Vaccination Deadline

Justin A. Chiarodo, Stephanie M. Harden, and Samarth Barot

Stephanie Harden's Headshot Photo

Earlier today, November 4, 2021, the White House issued a fact sheet addressing its vaccination policies, including the government contractor mandate under EO 14042. Three key points stand out: (1) the compliance deadline for “full vaccination” status will be extended from December 8, 2021, to January 4, 2022; (2) the Occupational Safety and Health Administration (“OSHA”) vaccine rule for larger employers (which may permit weekly testing in lieu of vaccination) will not apply to workplaces covered by the federal contractor mandate; and (3) the Government continues to take the position that its mandates will preempt conflicting state or local laws. The full press release can be found at Fact Sheet: Biden Administration Announces Details of Two Major Vaccination Policies.

How does this new guidance impact government contractor compliance with EO 14042?

Most notably, the guidance extends the deadline for full vaccination status for covered contractors from December 8, 2021, to January 4, 2022. Covered contractor employees should receive their final vaccine dose by the new January 4, 2022, deadline.

Continue reading “New Government Guidance Sets January 4, 2022, as Uniform Vaccination Deadline”

Government Provides New Compliance Flexibility under Contractor Vaccine Mandate

Justin A. Chiarodo and Stephanie M. Harden

This image has an empty alt attribute; its file name is chiarodo_justin_03403_headshot_4c_print_frame.jpg
Stephanie Harden's Headshot Photo



Yesterday, November 1, 2021, the Safer Federal Workforce Task Force issued significant new guidance for contractors implementing vaccine mandates. The two key takeaways are: (1) contractors are not required to terminate unvaccinated employees immediately when the mandate goes into effect on December 8, and (2) federal agencies should not terminate contracts if a contractor is actively working toward compliance, even if the contractor faces challenges to achieving full compliance. The full updated FAQ is available on the Safer Federal Workforce Task Force website.

Are contractors still required to mandate vaccination by December 8?

Yes, covered contractors are still required to mandate that employees get vaccinated by December 8. However, rather than terminate noncompliant employees after the December 8 deadline, contractors should “determine the appropriate means of enforcement” for their employees.

Continue reading “Government Provides New Compliance Flexibility under Contractor Vaccine Mandate”

Department of Justice to Prioritize Cybersecurity Fraud through New Civil Cyber-Fraud Initiative

Sharon R. Klein, Jennifer A. Short, and Robyn N. Burrows

Sharon R. Klein headshot image
Jennifer A. Short headshot image


On October 6, 2021, the U.S. Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to pursue cybersecurity fraud matters using the enforcement mechanisms of the False Claims Act (“FCA”).

This initiative follows DOJ’s four-month effort to review its cybersecurity strategy and reflects the government’s increased focus on contractor data security. Led by the Civil Division’s Commercial Litigation Branch, Fraud Section—i.e., the DOJ Section responsible for investigating and litigating FCA matters—the initiative targets government contractors and grant recipients that “put U.S. information or systems at risk” by “knowingly”:

      • providing deficient cybersecurity products or services;
      • misrepresenting the company’s cybersecurity practices or protocols; or
      • violating their obligations to monitor and report cybersecurity incidents and breaches.

We discuss the cybersecurity landscape preceding the new initiative, possible impacts and focus areas of the initiative, and how contractors should prepare for potential enforcement.

To read the full client alert, please visit our website

State Vaccine Mandate Bans: What Are Federal Contractors to Do?

Justin A. Chiarodo and Stephanie M. Harden

Stephanie Harden's Headshot Photo

Texas Governor Greg Abbott just raised the stakes in the inevitable tide of litigation about President Biden’s COVID-19 vaccine mandates by issuing an Executive Order banning vaccine mandates in Texas. We expect other states to follow suit. This raises important questions for federal contractors, who are working against the clock to ensure compliance with the new vaccine mandate applicable to most federal contracts by December 8, 2021 (see our most recent blog post about the details of the mandate, Government Contractor Vaccine Mandate FAQ: Status of Class Deviations and Accommodations Process).

Continue reading “State Vaccine Mandate Bans: What Are Federal Contractors to Do?”

Government Contractor Vaccine Mandate FAQ: Status of Class Deviations and Accommodations Process


Justin A. Chiarodo and Stephanie M. Harden

Stephanie Harden's Headshot Photo

It has been a busy week on the federal contractor COVID-19 vaccine mandate front. We answer questions below about the new class deviations that should start showing up in new contracts and solicitations, and key open issues on exemptions and coverage.

Where do things stand right now?

The Executive Order (“EO”) contemplated formal FAR amendments to be published by October 8, 2021. That date looks like it will slip. The open FAR Case shows an Ad Hoc Team has been tasked with drafting a FAR rule, with a report due on November 17. In the interim, both the Civilian and Defense Agency Acquisition Councils issued class deviations (here and here, respectively) implementing the EO. The deviations largely mirror the September 24, 2021, guidance.

Continue reading “Government Contractor Vaccine Mandate FAQ: Status of Class Deviations and Accommodations Process”

Blank Rome Government Contract and White Collar Defense & Investigations Attorneys Appointed to American Bar Association’s Public Contract Law Section Leadership

Blank Rome LLP is pleased to announce that partners Dominique L. CasimirJustin A. ChiarodoStephanie M. HardenLuke W. Meier, and Jennifer A. Short; senior counsel David M. Nadler; and associate Robyn N. Burrows, of the firm’s nationally recognized Government Contracts group, have been appointed to leadership roles for the American Bar Association’s (“ABA”) Public Contract Law Section.

They will serve in the following roles for the 2021–2022 term:

      • Dominique Casimir: Co-Chair – Debarment & Suspension Committee; Vice-Chair – Diversity Committee
      • Justin Chiarodo: Vice Chair – Mergers & Acquisitions Committee
      • Stephanie Harden: Vice Chair – Accounting, Cost & Pricing Committee
      • Luke Meier: Vice Chair – Bid Protest Committee
      • Jennifer Short: Vice Chair – Procurement Fraud & False Claims Committee
      • Dave Nadler: Vice Chair – Procurement Fraud & False Claims Committee
      • Robyn Burrows: Associate Editor – Procurement Lawyer

The ABA Section of Public Contract Law serves to provide balanced recommendations on procurement policy, provide a forum to engage with colleagues across all segments of the procurement industry, and gain insight into and develop unique perspectives of federal, state, and local public contract law. For more information, please visit the Section’s webpage.

Breaking Down the COVID-19 Safety Guidance for Government Contractors and Subcontractors: What We Know, What We Don’t, and What’s Next

Justin A. Chiarodo and Albert B. Krachman


Answering some questions and raising others, the Safer Federal Workforce Task Force issued its highly anticipated COVID-19 Workplace Safety: Guidance for Federal Contractors and Subcontractors on Friday, September 24. The Guidance follows the president’s September 9, 2021, Executive Order (“EO”), which we summarized in FAQ: Government Contractor COVID Safeguards Executive Order.

In short: a broad vaccine mandate for employees of government contractors is coming. But the exact details on application, exemptions, and compliance remain unclear. New rules due by October 8, 2021, should better address those questions. Adding to this uncertainty, the Guidance encourages individual agencies to issue their own (potentially broader) guidance. That said, we can infer a lot from Friday’s guidance.

Continue reading “Breaking Down the COVID-19 Safety Guidance for Government Contractors and Subcontractors: What We Know, What We Don’t, and What’s Next”

Old Dominion, New Privacy Law: The Virginia Consumer Data Protection Act

With the recent adoption of the Virginia Consumer Data Protection Act (“VCDPA”), the state’s consumers will have new rights to understand what data a company collects about them, how that data is used, and with whom they share it. In short, the new law will have a national impact on any company doing business in the state.

Led by attorneys from Blank Rome’s Privacy, Security & Data Protection and White Collar Defense & Investigation Groups, this complimentary webinar will provide in-depth analysis of the VCDPA and timely insights on how businesses should prepare to comply with its provisions, including discussion of:

      • Scope of the VCDPA;
      • The VCDPA compared to the California Consumer Privacy Act and other privacy regimes;
      • New data rights of consumers;
      • Information security requirements; and
      • Issues related to enforcement.

PRESENTERS

  • Sharon R. Klein, Partner and Chair, Privacy, Security & Data Protection, Orange County, CA
  • Alex C. Nisenbaum, Partner, Privacy, Security & Data Protection, Orange County, CA
  • Jennifer A. Short, Partner, White Collar Defense & Investigations, Washington, D.C.

CLE Credit

This course is anticipated to qualify for the following CLE credits: VA 1.0 general credit

QUESTIONS? Please contact Courtney Litman via e-mail.

Tuesday, September 21, 2021
10:00‒11:00 a.m. PDT / 1:00‒2:00 p.m. EDT
Online Event

REGISTER HERE

FAQ: Government Contractor COVID Safeguards Executive Order

Justin A. Chiarodo, Brooke T. Iley, and Albert B. Krachman


“If you want to work with the federal government, do business with us? Get vaccinated” – President Biden, White House Remarks, September 9, 2021

We forecast in March (Will Federal Contractors Be Required to Certify Employee COVID Vaccinations?) possible COVID safety mandates for government contractors. They’ve arrived. President Biden issued a September 9, 2021, executive order (“EO”) that will implement sweeping COVID Safety protocols for government contractors, including potential vaccine mandates, to be established by the Safer Federal Workforce Task Force.

This FAQ breaks down the basics and includes our assessment of best practices pending forthcoming rulemaking.

Continue reading “FAQ: Government Contractor COVID Safeguards Executive Order”