And No Longer Trending: 7 FAQs Regarding the Federal Contractor TikTok Ban

Justin A. Chiarodo, Luke W. Meier, and Robyn N. Burrows


Building on recent and ongoing efforts to limit Chinese government access to government contractor supply chains, the FAR Councils published an interim rule effective June 2, 2023, that will broadly ban TikTok on contractor and contractor employee electronic devices used in the performance of federal contracts. The ban will be implemented through a new contract clause at FAR 52.204-27. Expect to see the clause added in all future solicitations (including commercially available off-the-shelf (“COTS”) acquisitions and micro-purchases) and added to existing contracts over the next month. We answer seven common questions on this new interim rule and offer several compliance tips.

What’s banned?

The new TikTok ban broadly prohibits contractors from having or using a “covered application” (e.g., TikTok or other successor applications by ByteDance Limited, a privately held company headquartered in Beijing, China) on any “information technology” used in the performance of a government contract. The ban applies regardless of whether the technology is owned by the government, the contractor, or the contractor’s employees. Bottom line, the rule has a (very) broad reach—it applies to contracts below the micro-purchase threshold, contracts for commercial products and services, and COTS items.


President Biden’s Recent Cybersecurity Executive Order Will Increase Compliance Obligations on the Private Sector

Sharon R. Klein, Alex C. Nisenbaum, Karen H. Shin, Justin A. Chiarodo, and Michael Joseph Montalbano

Companies providing information technology products and services to U.S. government agencies are now required to notify such agencies of cyber incidents and meet specific cybersecurity standards. The executive order attempts to modernize the federal government’s cybersecurity defenses by “protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the [United States]’ ability to respond to incidents when they occur.” The executive order is just one example of the Biden administration’s push to improve the nation’s data privacy and cybersecurity practices in response to the recent series of ransomware attacks.

On May 12, 2021, President Biden signed an executive order to bolster the federal government’s cybersecurity practices and contractually obligate the private sector to align with such enhanced security practices (“the Order”). The Order comes on the heels of a ransomware attack on Colonial Pipeline that occurred on May 6, 2021, which shut down the largest oil pipeline in the United States and disrupted supplies of gasoline, diesel, and jet fuel to the East Coast. This initiative to improve the security of the software supply chain also stems from the SolarWinds cyberattack that occurred last year. In the attack, Russian hackers used a routine software update that Texas-based SolarWinds Corp. provided to its customers to install malicious code, allowing the hackers to infiltrate nine federal agencies and about 100 companies.

Proposed amendments are expected soon from the Federal Acquisition Regulation (“FAR”) and the Defense Federal Acquisition Regulation Supplement (“DFARS”) that will increase compliance obligations for government contractors and their vendors, building on a string of supply chain and cybersecurity regulation in recent years (including Section 889’s prohibition on the use of certain Chinese telecommunications, new registration requirements in the Supplier Performance Risk System, and the Department of Defense’s Cybersecurity Maturity Model Certification program). We see the biggest impacts on government contractors, such as developers and users of software.
