DOD Meeting Makes Clear DOD Cybersecurity Rule Will Trigger New Requirements
December 15, 2015
We previously notified you of a meeting on the new updated Department of Defense (DOD) rule on cybersecurity, DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (August 2015), and its October 2015 Class Deviation. The meeting, hosted by DOD, made clear that these new updated rules pose significant new obligations for DOD contractors and subcontractors. Your company's procurement and legal compliance representatives need to be on top of these matters.
Key Developments:
DOD considers the new obligations to be triggered under the clause when performance of the DOD contract or subcontract involves ?Covered Defense Information? (CDI) or operationally critical support (OCS). These significant obligations require contractor information systems to comply with new NIST 800-171 standards and, where the contractor uses cloud services, require notification and use of Government-approved cloud services providers for cloud storage or transmission under DOD contracts. Contractors are required to report a cyber incident that affects a covered system or the CDI, or that affects the contractors ability to perform the OCS requirements. Contractors have the right to seek additional compensation to meet these obligations, but to do so they must initiate specific steps before agreeing to the new terms.
Triggers:
Application of the clause is triggered if a DOD contract would provide the contractor, or the contractor otherwise would collect, develop, receive, transmit, use or store, of any of the following four types of CDI in support of performance of your DOD contract or subcontract:
- Controlled technical information [CTI].
- Critical information (operations security).
- Export controlled information.
- Any other information, marked or otherwise identified in the contract, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies (e.g., privacy, proprietary business information).
The clause also is triggered if the contractor would provide OCS, meaning supplies or services the Government designates as ?for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation.
Requirements:
Compliance with the clause requires that a contractors covered systems and protection of CDI meet the new NIST SP 800-171 standards. Use of cloud services (CS) to store or transit CDI in performance of the contract requires DOD notice and use of DOD-approved cloud services. Contractors must rapidly report directly to DOD on a cyber incident that affects, or risks affecting, a covered contractor information system or CDI, or that affects the contractors ability to perform the operationally critical support requirements. Only pre-approved personnel can do the reporting. The requirements apply to contractors and subcontractors.
Takeaways and Next Steps:
- Ensure your company's procurement and legal compliance representatives are up to speed on these new, significant changes for DOD contracts.
- If asked to include the new clause in your existing contract, you have the right to seek compensation for the increased costs and time needed to address the additional requirements. You must notify the Contracting Officer (or your prime) of the impact of this change and your right to an equitable adjustment, and negotiate the terms before you accept the clause, or risk losing your right to seek compensation.
- New DOD procurements and contracts will include the clause. Proactively check whether they trigger clause requirements and factor your compliance costs, and any required waiver or approvals, into proposal preparations and the ultimate contract. Its likely that most companies will need to do something.
You have options. If you would like to understand your requirements or would like assistance in this area, please contact a FortneyScott attorney.
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc . This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance.
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18 th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc. This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
During the first months of the Trump Administration employers have faced unprecedented challenges in understanding and keeping up with the rapidly changing legal environment. To assist our clients in successfully navigating these challenges, FortneyScott is initiating a four-month, complimentary training program addressing Workplace Legal Compliance. These new, original trainings will occur during September through December, 2025 and will include 4 monthly webinars, at least 4 podcasts of DC Insider—Employer Update and timely alerts as developments unfold. The trainings are designed to provide substantive updates and to assist employers in addressing the latest developments as part of their organization’s comprehensive workplace legal compliance program. How to Participate : Register now for the FortneyScott Workplace Legal Compliance webinars, podcast notifications and alerts: Register for all 4 webinars (September 18, October 23, November 20 and December 18). Register for notifications of new podcast episodes of DC Insider—Employer Update. Register for Workplace Legal Compliance alerts and updates. If you have an immediate questions or feedback, please contact any of the FortneyScott attorneys or email info@fortneyscott.com . Additional Background : Workplace legal compliance is essential for mitigating risk, protecting employees, and fostering a positive and reputable company culture. Adhering to federal, state, and local laws concerning labor, safety, and discrimination prevents costly penalties, lawsuits, and operational disruptions. Beyond simply avoiding legal and financial consequences, compliance builds trust with employees and other stakeholders by demonstrating a commitment to ethical conduct. This creates a fair and safe work environment that boosts employee morale, increases retention, and enhances overall productivity. By proactively managing legal responsibilities, an organization strengthens its reputation and brand image, which in turn can attract top talent and create a competitive advantage in the marketplace. FortneyScott’s Workplace Legal Compliance supports employers in meeting these objectives. Ultimately, legal compliance is not only a regulatory obligation – it is a strategic investment in the long-term success and integrity of your organization.
We are pleased to announce that FortneyScott attorney David Fortney has been recognized as one of The Best Lawyers in America for 2026, in recognition of outstanding achievement and contributions to the field of Labor and Employment law. This marks a continuation of his recognition in The Best Lawyers in America since 2008, reflecting a sustained commitment to excellence, innovation, and leadership. It underscores the impact of his work within the professional community. We extend our congratulations on this well-deserved recognition.
The U.S. Department of Justice (DOJ), Civil Division is sending Civil Investigative Demands (CIDs) to federal contractors seeking information on their DEI practices, under its authority to investigate False Claims Act (FCA) claims. Flowing from President Trump’s Executive Order 14173, which seeks to limit DEI efforts, the DOJ recently launched the Civil Rights Fraud Initiative, which utilizes the FCA to investigate and pursue claims against recipients of federal funds (including federal contractors) that their DEI practices violate federal civil rights laws. The focus of these investigations will likely be: Discriminatory preferences/goals: DEI programs that assign benefits or burdens based on race, ethnicity, or national origin. Use of proxies to mask discrimination: Practices using criteria like "cultural competence" or "lived experience" as proxies for protected characteristics in hiring or promotion decisions. Segregation in the workplace: Limiting membership in affinity groups or separating employees by protected characteristics during training. Discriminatory training programs: DEI training that promotes stereotypes, excludes individuals based on protected characteristics, or creates a hostile environment. Failure to protect against antisemitism: Institutions accepting federal funds that do not adequately address antisemitism or other civil rights violations. Organizations found to be in violation of the FCA can face significant penalties, including treble damages (three times the amount of damages incurred by the government), civil penalties for each false claim, and reputational harm. As a result, all federal contractors and grant recipients should be on high alert for any communication from DOJ and should immediately notify internal counsel if any such communication is received. Please contact your FortneyScott attorney or email us at info@fortneyscott.com for additional information on how to be prepared and to respond to these DOJ investigations and other best practices recommendations.
As the Trump Administration reshapes the U.S. Department of Labor (DOL), employers and federal contractors face significant shifts in agency leadership, budget priorities, enforcement programs, and regulatory strategies. Join FortneyScott attorneys for an in-depth webinar covering what these changes may mean for your organization. Key Topics to be Covered Include: New Leadership: Review of confirmed and pending DOL appointees, including Secretary Chavez-DeRemer and Deputy Secretary Keith Sonderling. Compliance & Self-Audit Programs: Expansion of opinion letter guidance and voluntary audit initiatives across W&H, VETS, OSHA, EBSA, MSHA, and OLMS. Aggressive Deregulatory Agenda: Efforts to revoke EO 11246 regulations, registered apprenticeship affirmative action requirements, and legacy EBSA guidance. Regulatory Revisions & Enforcement: Reforms to Section 503, VEVRAA, tip-credit rules, and child labor standards — including new penalty frameworks. Status of Biden-Era Rules: Updates on independent contractor, overtime, minimum wage, and PLA-related regulations. Proposed FY2026 Budget: 35% overall reduction, including workforce downsizing and potential elimination of OFCCP, Job Corp, and the Women’s Bureau. Strategic Considerations: How the return of the PAID program and potential OFCCP self-audit options may affect employer risk exposure.
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc . This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance.
Federal policies under the Trump Administration are reshaping workplaces nationwide. Employers must stay ahead of evolving laws and shifting EEOC priorities. Join FortneyScott attorneys on Thursday, September 18 th at noon EDT to learn the key steps organizations should take now to ensure compliance with EEO laws influenced by these broader policy changes. Key Topics to be Covered Include: Status of the Commission and what to expect once there is a restored quorum; Current EEOC priorities , including protecting religious liberties, eliminating unlawful DEI, and reshaping sex discrimination; Notable EEOC enforcement actions, updates, and emerging trends; and Actionable strategies and key takeaways to ensure compliance with Title VII, the PWFA, etc. This webinar is the first in a four-part series designed for compliance professionals, in-house counsel, HR and inclusion leaders, and other business leaders responsible for labor and employment law compliance. To register for FortneyScott’s Workplace Legal Compliance training series, please click here .
During the first months of the Trump Administration employers have faced unprecedented challenges in understanding and keeping up with the rapidly changing legal environment. To assist our clients in successfully navigating these challenges, FortneyScott is initiating a four-month, complimentary training program addressing Workplace Legal Compliance. These new, original trainings will occur during September through December, 2025 and will include 4 monthly webinars, at least 4 podcasts of DC Insider—Employer Update and timely alerts as developments unfold. The trainings are designed to provide substantive updates and to assist employers in addressing the latest developments as part of their organization’s comprehensive workplace legal compliance program. How to Participate : Register now for the FortneyScott Workplace Legal Compliance webinars, podcast notifications and alerts: Register for all 4 webinars (September 18, October 23, November 20 and December 18). Register for notifications of new podcast episodes of DC Insider—Employer Update. Register for Workplace Legal Compliance alerts and updates. If you have an immediate questions or feedback, please contact any of the FortneyScott attorneys or email info@fortneyscott.com . Additional Background : Workplace legal compliance is essential for mitigating risk, protecting employees, and fostering a positive and reputable company culture. Adhering to federal, state, and local laws concerning labor, safety, and discrimination prevents costly penalties, lawsuits, and operational disruptions. Beyond simply avoiding legal and financial consequences, compliance builds trust with employees and other stakeholders by demonstrating a commitment to ethical conduct. This creates a fair and safe work environment that boosts employee morale, increases retention, and enhances overall productivity. By proactively managing legal responsibilities, an organization strengthens its reputation and brand image, which in turn can attract top talent and create a competitive advantage in the marketplace. FortneyScott’s Workplace Legal Compliance supports employers in meeting these objectives. Ultimately, legal compliance is not only a regulatory obligation – it is a strategic investment in the long-term success and integrity of your organization.
We are pleased to announce that FortneyScott attorney David Fortney has been recognized as one of The Best Lawyers in America for 2026, in recognition of outstanding achievement and contributions to the field of Labor and Employment law. This marks a continuation of his recognition in The Best Lawyers in America since 2008, reflecting a sustained commitment to excellence, innovation, and leadership. It underscores the impact of his work within the professional community. We extend our congratulations on this well-deserved recognition.
The U.S. Department of Justice (DOJ), Civil Division is sending Civil Investigative Demands (CIDs) to federal contractors seeking information on their DEI practices, under its authority to investigate False Claims Act (FCA) claims. Flowing from President Trump’s Executive Order 14173, which seeks to limit DEI efforts, the DOJ recently launched the Civil Rights Fraud Initiative, which utilizes the FCA to investigate and pursue claims against recipients of federal funds (including federal contractors) that their DEI practices violate federal civil rights laws. The focus of these investigations will likely be: Discriminatory preferences/goals: DEI programs that assign benefits or burdens based on race, ethnicity, or national origin. Use of proxies to mask discrimination: Practices using criteria like "cultural competence" or "lived experience" as proxies for protected characteristics in hiring or promotion decisions. Segregation in the workplace: Limiting membership in affinity groups or separating employees by protected characteristics during training. Discriminatory training programs: DEI training that promotes stereotypes, excludes individuals based on protected characteristics, or creates a hostile environment. Failure to protect against antisemitism: Institutions accepting federal funds that do not adequately address antisemitism or other civil rights violations. Organizations found to be in violation of the FCA can face significant penalties, including treble damages (three times the amount of damages incurred by the government), civil penalties for each false claim, and reputational harm. As a result, all federal contractors and grant recipients should be on high alert for any communication from DOJ and should immediately notify internal counsel if any such communication is received. Please contact your FortneyScott attorney or email us at info@fortneyscott.com for additional information on how to be prepared and to respond to these DOJ investigations and other best practices recommendations.
As the Trump Administration reshapes the U.S. Department of Labor (DOL), employers and federal contractors face significant shifts in agency leadership, budget priorities, enforcement programs, and regulatory strategies. Join FortneyScott attorneys for an in-depth webinar covering what these changes may mean for your organization. Key Topics to be Covered Include: New Leadership: Review of confirmed and pending DOL appointees, including Secretary Chavez-DeRemer and Deputy Secretary Keith Sonderling. Compliance & Self-Audit Programs: Expansion of opinion letter guidance and voluntary audit initiatives across W&H, VETS, OSHA, EBSA, MSHA, and OLMS. Aggressive Deregulatory Agenda: Efforts to revoke EO 11246 regulations, registered apprenticeship affirmative action requirements, and legacy EBSA guidance. Regulatory Revisions & Enforcement: Reforms to Section 503, VEVRAA, tip-credit rules, and child labor standards — including new penalty frameworks. Status of Biden-Era Rules: Updates on independent contractor, overtime, minimum wage, and PLA-related regulations. Proposed FY2026 Budget: 35% overall reduction, including workforce downsizing and potential elimination of OFCCP, Job Corp, and the Women’s Bureau. Strategic Considerations: How the return of the PAID program and potential OFCCP self-audit options may affect employer risk exposure.
As the Trump Administration reshapes the U.S. Department of Labor (DOL), employers and federal contractors face significant shifts in agency leadership, budget priorities, enforcement programs, and regulatory strategies. Join FortneyScott attorneys on Thursday, August 14th at noon EDT for an in-depth webinar covering what these changes may mean for your organization. CLICK HERE to register. Key Topics to be Covered Include: New Leadership: Review of confirmed and pending DOL appointees, including Secretary Chavez-DeRemer and Deputy Secretary Keith Sonderling. Compliance & Self-Audit Programs: Expansion of opinion letter guidance and voluntary audit initiatives across W&H, VETS, OSHA, EBSA, MSHA, and OLMS. Aggressive Deregulatory Agenda: Efforts to revoke EO 11246 regulations, registered apprenticeship affirmative action requirements, and legacy EBSA guidance. Regulatory Revisions & Enforcement: Reforms to Section 503, VEVRAA, tip-credit rules, and child labor standards — including new penalty frameworks. Status of Biden-Era Rules: Updates on independent contractor, overtime, minimum wage, and PLA-related regulations. Proposed FY2026 Budget: 35% overall reduction, including workforce downsizing and potential elimination of OFCCP, Job Corp, and the Women’s Bureau. Strategic Considerations: How the return of the PAID program and potential OFCCP self-audit options may affect employer risk exposure. Who Should Attend: Compliance professionals, in-house counsel, HR and inclusion leaders, and anyone with responsibility for compliance with labor and employment laws.
On July 30, 2025, the U.S. Court of Appeals for the Ninth Circuit in a panel decision affirmed the District Court’s Order in Center for Investigative Reporting v. DOL compelling the DOL to disclose federal contractors’ EEO-1 reports in response to a Freedom of Information Act (“FOIA”) request. The underlying FOIA request was sent to the DOL’s Office of Federal Contract Compliance Programs (“OFCCP”) in 2022 seeking consolidated EEO-1 reports for all federal contractors filed between 2016 and 2020. DOL disclosed the EEO-1 report of non-objecting contractors but withheld from disclosure 16,755 EEO reports from 4,141 objection contractors. In its Opinion, the Ninth Circuit affirmed the District Order’s finding that EEO-1 reports are not exempt from disclosure under FOIA Exemption 4, which protects trade secrets and confidential commercial or financial information. Specifically, the Ninth Circuit found that EEO-1 report data is not “commercial” because workforce-compensation data is not designed to be bought and sold, nor does it reveal basic commercial operations, such as sales statistics, profits and losses, or inventories. The Court held that DOL failed to establish that EEO-1 reports describe an exchange of goods or services or the making of a profit. While the Ninth Circuit Order is limited to compelling the release of 2016-2020 reports in response to CIR’s FOIA request, DOL also relied on Exemption 4 to withhold the production of federal contractors’ 2021 consolidated EEO-1 reports in response to FOIA requests issued by the University of Utah and As You Sow. DOL has not issued a comment, and it is not known at this time whether the DOL will appeal this determination. FortneyScott will continue to monitor this and related cases.
On July 23, 2025, the Trump Administration issued America’s AI Action Plan that provides policy recommendations to achieve the goal of global AI dominance by the United States. Of particular interest to employers, the Action Plan includes recommendations to empower American workers in the age of AI, for training a skilled workforce for AI infrastructure and jobs, and for developing new criteria to address misinformation, including specifically identifying DEI. Join FortneyScott for a discussion on the employment-law related key provisions of America’s AI Action Plan and how they may impact the workforce.
On July 23, 2025, the Trump Administration issued America’s AI Action Plan that provides policy recommendations to achieve the goal of global AI dominance by the United States. Of particular interest to employers, the Action Plan includes recommendations to empower American workers in the age of AI, for training a skilled workforce for AI infrastructure and jobs, and for developing new criteria to address misinformation, including specifically identifying DEI. Join FortneyScott lawyers on Thursday, July 31, 2025, at 12:00 PM ET for a discussion of the employment-law related key provisions of America’s AI Action Plan and how they may impact the workforce. Please click here to register.
