The Federal Acquisition Regulations (“FAR”) and its supplements, such as the Department of Defense Federal Acquisition Regulation Supplement (“DFARS”), impose upon federal contractors specific requirements regarding how data, including cloud computing, must be stored and transported relative to a government contract. Non-compliance can lead to cure notices, adverse past performance determinations, fee reduction penalties, and possible civil False Claims Act (FCA) implications – as well as reputational risk and responsibility issues – all of which could lead to substantial monetary penalties, including the loss of awards.
A key element of McCarter & English’s comprehensive compliance review is an examination of the company’s cybersecurity stance as it relates to defense contracts and subcontracts. McCarter & English examines cybersecurity preparedness in line with the requirements set out in the FAR, DFARS, and NIST Special Publications to create government contract specific supplements to any existing data or information security plan. If no such plan or policy exists, McCarter & English assists in creating a comprehensive plan inclusive of all cybersecurity needs and requirements, commercial and government alike.
As needed, and in light of the highly technical nature of the cybersecurity compliance examination that must be performed, McCarter & English is also prepared to team with a host of dedicated and experienced cybersecurity technical services vendors to ensure the most robust assessment possible while retaining the elements of attorney-client privilege.
The area of cybersecurity is dynamic and additional requirements and changes to these now-existing regulations are expected as the government promulgates new regulations to keep pace with advancements in technology. Accordingly, vigilance is mandatory when assessing the regulatory landscape of cybersecurity.