DOD Meeting Makes Clear DOD Cybersecurity Rule Will Trigger New Requirements

December 15, 2015

We previously notified you of a meeting on the newly updated Department of Defense (DOD) rule on cybersecurity, DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (August 2015), and its October 2015 Class Deviation. The meeting, hosted by DOD, made clear that these updated rules impose significant new obligations on DOD contractors and subcontractors. Your company's procurement and legal compliance representatives need to be on top of these matters.


Key Developments: 


DOD considers the new obligations to be triggered under the clause when performance of the DOD contract or subcontract involves "Covered Defense Information" (CDI) or operationally critical support (OCS). These significant obligations require contractor information systems to comply with new NIST 800-171 standards and, where the contractor uses cloud services, require notification and use of Government-approved cloud services providers for cloud storage or transmission under DOD contracts. Contractors are required to report a cyber incident that affects a covered system or the CDI, or that affects the contractor's ability to perform the OCS requirements. Contractors have the right to seek additional compensation to meet these obligations, but to do so they must initiate specific steps before agreeing to the new terms.


Triggers: 


Application of the clause is triggered if a DOD contract would provide the contractor with, or the contractor otherwise would collect, develop, receive, transmit, use or store, any of the following four types of CDI in support of performance of your DOD contract or subcontract:


  • Controlled technical information [CTI].
  • Critical information (operations security).
  • Export controlled information.
  • Any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies (e.g., privacy, proprietary business information).


The clause also is triggered if the contractor would provide OCS, meaning supplies or services the Government designates as "for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation."


Requirements:


Compliance with the clause requires that a contractor's covered systems and protection of CDI meet the new NIST SP 800-171 standards. Use of cloud services (CS) to store or transmit CDI in performance of the contract requires DOD notice and use of DOD-approved cloud services. Contractors must rapidly report directly to DOD on a cyber incident that affects, or risks affecting, a covered contractor information system or CDI, or that affects the contractor's ability to perform the operationally critical support requirements. Only pre-approved personnel can do the reporting. The requirements apply to contractors and subcontractors.


Takeaways and Next Steps:


  • Ensure your company's procurement and legal compliance representatives are up to speed on these new, significant changes for DOD contracts. 


  • If asked to include the new clause in your existing contract, you have the right to seek compensation for the increased costs and time needed to address the additional requirements. You must notify the Contracting Officer (or your prime) of the impact of this change and your right to an equitable adjustment, and negotiate the terms before you accept the clause, or risk losing your right to seek compensation. 


  • New DOD procurements and contracts will include the clause. Proactively check whether they trigger clause requirements and factor your compliance costs, and any required waivers or approvals, into proposal preparations and the ultimate contract. It's likely that most companies will need to do something.


You have options. If you would like to understand your requirements or would like assistance in this area, please contact a FortneyScott attorney.
