Trump Issues Executive Order to Strengthen Cybersecurity and Critical Infrastructure
May 17, 2017
On May 11, 2017, President Trump issued an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure” (“EO”). The EO makes Executive Branch agency heads responsible for ensuring the cybersecurity of their systems and information. It also directs these agencies to report, plan and budget for improvements to the cybersecurity of their Federal systems in order to adequately protect “the executive branch enterprise.” The EO calls for agencies to apply the National Institute of Standards and Technology (“NIST”) Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) in developing reports that ultimately will be used to determine an Executive Branch cybersecurity plan. The Framework to be used by these agencies is the same one that has been in place since 2014 as voluntary guidance to businesses on the development of a risk-based approach for addressing and managing cybersecurity risks. Notably, the EO calls for the Executive Branch’s development and transition to a “modern, secure, and more resilient executive branch IT [Information Technology] architecture,” with a preference to procure shared IT services, including email, cloud and cybersecurity services.
The EO also calls for agencies to support the cybersecurity of U.S. critical infrastructure, which is defined to include critical physical and information infrastructures and networks in telecommunications, energy, financial services, water, and transportation sectors. The EO also seeks to identify the cybersecurity risks facing the Department of Defense (“DoD”) and the defense industry base, including its supply chain, and to address the threats posed by botnets and other automated, distributed cyber attacks.
Takeaways:
- Cybersecurity remains a critical concern for this administration. We should expect that additional guidance and likely increased requirements will be issued to implement better and more comprehensive cybersecurity in government and with regard to those involved in national security, or other activities critical to the accomplishment of the government’s missions.
- Given the President’s expressed intent to update Executive Branch IT systems and services, it is likely that an Agency’s plans to address cybersecurity needs will be factored into that Agency’s, and ultimately, the President’s Executive Branch-wide, strategic, operational and budgetary planning processes moving forward for FY 18 and beyond.
- As a government contractor, you should be checking your systems to ensure compliance with the cybersecurity requirements in your current contracts and subcontracts, and moving forward to ensure your competitive status in future procurements.
- Cybersecurity is likely to create opportunities for those with the best cybersecurity products, services and capabilities in the coming months and years.
If you have questions about the Executive Order or the requirements of current cybersecurity provisions, contact Susan Warshaw Ebner, or your FortneyScott counsel.
On Friday, June 27, 2025, OFCCP Director Catherine Eschbach issued a letter inviting federal contractors to voluntarily submit information to OFCCP detailing contractors’ efforts to “wind down compliance with the EO 11246 regulatory scheme and ensure full compliance with the Nation’s non-discrimination laws.” Join David Fortney, Liz Bradley and Nita Beecher as they analyze Director Eschbach’s letter and provide practical insights to assist federal contractors in deciding whether or how to respond to this request.
The U.S. Department of Labor has officially lifted the abeyance on OFCCP’s enforcement of Section 503 of the Rehabilitation Act (503) and the Vietnam Era Veterans’ Readjustment Assistance Act (VEVRAA) via Secretary's Order 08-2025 , issued by Secretary Lori Chavez-DeRemer. This development follows the January 2025 revocation of Executive Order (EO) 11246 through the Trump Administration's EO 14173, which fundamentally altered OFCCP’s enforcement priorities and led to the temporary pause of Section 503 and VEVRAA activities via Secretary’s Order 03-2025. Key Takeaways for Employers Immediate Resumption of Investigations: OFCCP will begin processing all Section 503 and VEVRAA complaints held during the abeyance. New complaints filed during the suspension period will also move forward. Administrative Closure of Compliance Reviews: Due to historical entwinement of EO 11246 review formats with Section 503/VEVRAA, all pending compliance reviews are being administratively closed. Formal notifications will be issued to affected contractors. AAP Certification Still Closed: Despite the resumed enforcement, the affirmative action program (AAP) certification portal remains closed . Employers are still obligated to maintain compliance with Section 503 and VEVRAA regulations. VAHBP Enforcement Moratorium Extended: Providers under the Veterans Affairs Health Benefits Program (VAHBP) remain exempt from affirmative action enforcement under Section 503 and VEVRAA through May 7, 2027 . They are still subject to nondiscrimination complaint investigations. What Employers Should Do Now Watch for formal notice of compliance review closures and updates from OFCCP. Monitor communications from OFCCP and the Department of Labor for further guidance. Reach out to FortneyScott for assistance to: Review existing Section 503 and VEVRAA policies and documentation. Ensure ongoing compliance with regulatory obligations, such as preparation of 503 and VEVRAA AAPs.
The DOL is proposing to rescind the regulations implementing EO 11246 in addition to revising its regulations for Section 503 and VEVRAA in response to President Trump’s EO 14173 and EO 14219 . Proposed Changes to Section 503 Regulations The Trump Administration has proposed significant changes to the Section 503 regulations applicable to federal contractors. Specifically, the proposal: Eliminates 41 C.F.R. § 60-741.42, which requires contractors to invite applicants and employees to self-identify disability status. The Administration asserts that such data collection is inconsistent with the ADA, notwithstanding EEOC guidance affirming its permissibility. Removes the requirement under 41 C.F.R. § 60-741.44(k) for contractors to document data collection analysis , while retaining the annual assessment obligation for evaluating outreach and recruitment efforts under 41 C.F.R. § 60-741.44(f)(3). Rescinds the 7% utilization goal in 41 C.F.R. § 60-741.45 , citing its reliance on revoked EO 11246 job group structures. The proposal makes clear it will not impose a substitute analysis, referencing the directive in EO 14219 to reduce regulatory burdens. Removes cross-references and provisions tied to EO 11246 , while adding provisions for administrative enforcement proceedings under 41 C.F.R. § 60-741.65. These changes reflect a broader deregulatory approach and raise significant compliance and policy considerations for federal contractors. Proposed Changes to VEVRAA The proposed changes to VEVRAA are simply to remove cross references and language citing EO 11246 authority and to add administrative enforcement proceeding provisions to 41 C.F.R. § 60-300. VEVRAA proposal retains both the self-identification requirements for protected veterans and the hiring benchmark (at this point, OFCCP has not updated its hiring benchmark for 2025). Conclusion Despite the impending elimination of OFCCP—set for October 1, 2025—the comment periods for all three regulatory developments end September 2, 2025. OMB will then have an additional 30-day comment period. If you are interested in filing comments to these proposed changes, please let FortneyScott know by reaching out to your FortneyScott attorney or sending us an email at info@fortneyscott.com . In the meantime, FortneyScott will continue to monitor these and other developments related to EO 14173.
The OFCCP has made available for public review proposed changes to the regulations under VEVRAA and Section 503 . It has also released a proposal to eliminate the regulations tied to Executive Order 11246. These proposed rules are expected to be officially published in the Federal Register tomorrow, initiating a 60-day period for public comment. The move to rescind the Executive Order 11246 regulations follows the recent revocation of that order through Executive Order 14173. Changes suggested for the VEVRAA regulations appear to be minimal and would not significantly alter compliance obligations for contractors. In contrast, the proposed updates to the Section 503 rules would eliminate the 7 percent utilization goal by job group and the requirement that applicants/employees self-identify as disabled while retaining the annual outreach and recruitment assessment. Final rules are not anticipated for several months, and in the meantime, the current VEVRAA and Section 503 regulations remain in effect. The proposed rules will be published in the Federal Register tomorrow : https://www.federalregister.gov/public-inspection/current#regular-filing-federal-contract-compliance-programs-office
On Friday, June 27, 2025, OFCCP Director Catherine Eschbach issued a letter inviting federal contractors to voluntarily submit information to OFCCP detailing contractors’ efforts to “wind down compliance with the EO 11246 regulatory scheme and ensure full compliance with the Nation’s non-discrimination laws.” Join David Fortney, Liz Bradley and Nita Beecher at 1:00 pm ET on Thursday, July 10th as they analyze Director Eschbach’s letter and provide practical insights to assist federal contractors in deciding whether or how to respond to this request. Specifically, they will discuss: The authority of OFCCP to collect this information. How OFCCP might use the submitted data. Whether submissions are likely to be subject to FOIA. Potential implications for contractors who choose to submit or not to submit data. Practical recommendations for crafting an effective response. To register for this webinar, click here . For additional information, please visit FortneyScott’s website , including recent developments and FortneyScott’s webinars and podcasts .
On Friday, June 27, 2025, OFCCP Director Catherine Eschbach issued a letter inviting federal contractors to voluntarily share with OFCCP how they have implemented program changes under Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity . Participation is entirely at the contractor’s discretion, including the content and format of such information and contractors have 90 days from date of the letter, or until Sept 25, to submit info into contractor portal. Submission instructions are available on OFCCP’s Contractor Portal . Director Eschbach’s letter further encourages federal contractors to provide: Confirmation that they have reviewed their EO 11246 affirmative action efforts; An assessment of whether employment or recruitment practices require modification; and If so, a description of the changes made and the steps taken to modify those practices. The letter then provides a list of the type of employment practices federal contractors should consider providing, to include: Trainings, sponsorship programs, leadership development programs, educational funding, or other privileges of employment available only to employees of a certain race or sex; Placement goals based on race or sex; Ratings by diversity organizations that graded employers on factors designed to promote the rise of non-white, non-male employees; Using applicants’ or employees’ participation in race- or sex-related (internal or external) groups or organizations as a “plus factor” or proxy for race or sex in employment and hiring decisions; Tying executive compensation to meeting race- or sex-based hiring, promotion, retention, representation, or other employee-demographic-related goals; Mandating courses, orientation programs, or trainings designed to emphasize and focus on racial stereotypes; and Encouraging employees to make recruitment efforts to or employment referrals of certain candidates based on race or sex. Director Eschbach concludes by recommending federal contractors consult the recent technical guidance by EEOC on what constitutes unlawful discrimination at work. FortneyScott is reaching out to DOL officials for further information. In the meantime, FortneyScott is actively advising clients on how to respond to this voluntary request. If you have any questions, please reach out to your FortneyScott attorney.
On Friday, June 27, 2025, OFCCP Director Catherine Eschbach issued a letter inviting federal contractors to voluntarily submit information to OFCCP detailing contractors’ efforts to “wind down compliance with the EO 11246 regulatory scheme and ensure full compliance with the Nation’s non-discrimination laws.” Join David Fortney, Liz Bradley and Nita Beecher as they analyze Director Eschbach’s letter and provide practical insights to assist federal contractors in deciding whether or how to respond to this request.
The U.S. Department of Labor has officially lifted the abeyance on OFCCP’s enforcement of Section 503 of the Rehabilitation Act (503) and the Vietnam Era Veterans’ Readjustment Assistance Act (VEVRAA) via Secretary's Order 08-2025 , issued by Secretary Lori Chavez-DeRemer. This development follows the January 2025 revocation of Executive Order (EO) 11246 through the Trump Administration's EO 14173, which fundamentally altered OFCCP’s enforcement priorities and led to the temporary pause of Section 503 and VEVRAA activities via Secretary’s Order 03-2025. Key Takeaways for Employers Immediate Resumption of Investigations: OFCCP will begin processing all Section 503 and VEVRAA complaints held during the abeyance. New complaints filed during the suspension period will also move forward. Administrative Closure of Compliance Reviews: Due to historical entwinement of EO 11246 review formats with Section 503/VEVRAA, all pending compliance reviews are being administratively closed. Formal notifications will be issued to affected contractors. AAP Certification Still Closed: Despite the resumed enforcement, the affirmative action program (AAP) certification portal remains closed . Employers are still obligated to maintain compliance with Section 503 and VEVRAA regulations. VAHBP Enforcement Moratorium Extended: Providers under the Veterans Affairs Health Benefits Program (VAHBP) remain exempt from affirmative action enforcement under Section 503 and VEVRAA through May 7, 2027 . They are still subject to nondiscrimination complaint investigations. What Employers Should Do Now Watch for formal notice of compliance review closures and updates from OFCCP. Monitor communications from OFCCP and the Department of Labor for further guidance. Reach out to FortneyScott for assistance to: Review existing Section 503 and VEVRAA policies and documentation. Ensure ongoing compliance with regulatory obligations, such as preparation of 503 and VEVRAA AAPs.
The DOL is proposing to rescind the regulations implementing EO 11246 in addition to revising its regulations for Section 503 and VEVRAA in response to President Trump’s EO 14173 and EO 14219 . Proposed Changes to Section 503 Regulations The Trump Administration has proposed significant changes to the Section 503 regulations applicable to federal contractors. Specifically, the proposal: Eliminates 41 C.F.R. § 60-741.42, which requires contractors to invite applicants and employees to self-identify disability status. The Administration asserts that such data collection is inconsistent with the ADA, notwithstanding EEOC guidance affirming its permissibility. Removes the requirement under 41 C.F.R. § 60-741.44(k) for contractors to document data collection analysis , while retaining the annual assessment obligation for evaluating outreach and recruitment efforts under 41 C.F.R. § 60-741.44(f)(3). Rescinds the 7% utilization goal in 41 C.F.R. § 60-741.45 , citing its reliance on revoked EO 11246 job group structures. The proposal makes clear it will not impose a substitute analysis, referencing the directive in EO 14219 to reduce regulatory burdens. Removes cross-references and provisions tied to EO 11246 , while adding provisions for administrative enforcement proceedings under 41 C.F.R. § 60-741.65. These changes reflect a broader deregulatory approach and raise significant compliance and policy considerations for federal contractors. Proposed Changes to VEVRAA The proposed changes to VEVRAA are simply to remove cross references and language citing EO 11246 authority and to add administrative enforcement proceeding provisions to 41 C.F.R. § 60-300. VEVRAA proposal retains both the self-identification requirements for protected veterans and the hiring benchmark (at this point, OFCCP has not updated its hiring benchmark for 2025). Conclusion Despite the impending elimination of OFCCP—set for October 1, 2025—the comment periods for all three regulatory developments end September 2, 2025. OMB will then have an additional 30-day comment period. If you are interested in filing comments to these proposed changes, please let FortneyScott know by reaching out to your FortneyScott attorney or sending us an email at info@fortneyscott.com . In the meantime, FortneyScott will continue to monitor these and other developments related to EO 14173.
The OFCCP has made available for public review proposed changes to the regulations under VEVRAA and Section 503 . It has also released a proposal to eliminate the regulations tied to Executive Order 11246. These proposed rules are expected to be officially published in the Federal Register tomorrow, initiating a 60-day period for public comment. The move to rescind the Executive Order 11246 regulations follows the recent revocation of that order through Executive Order 14173. Changes suggested for the VEVRAA regulations appear to be minimal and would not significantly alter compliance obligations for contractors. In contrast, the proposed updates to the Section 503 rules would eliminate the 7 percent utilization goal by job group and the requirement that applicants/employees self-identify as disabled while retaining the annual outreach and recruitment assessment. Final rules are not anticipated for several months, and in the meantime, the current VEVRAA and Section 503 regulations remain in effect. The proposed rules will be published in the Federal Register tomorrow : https://www.federalregister.gov/public-inspection/current#regular-filing-federal-contract-compliance-programs-office
On Friday, June 27, 2025, OFCCP Director Catherine Eschbach issued a letter inviting federal contractors to voluntarily submit information to OFCCP detailing contractors’ efforts to “wind down compliance with the EO 11246 regulatory scheme and ensure full compliance with the Nation’s non-discrimination laws.” Join David Fortney, Liz Bradley and Nita Beecher at 1:00 pm ET on Thursday, July 10th as they analyze Director Eschbach’s letter and provide practical insights to assist federal contractors in deciding whether or how to respond to this request. Specifically, they will discuss: The authority of OFCCP to collect this information. How OFCCP might use the submitted data. Whether submissions are likely to be subject to FOIA. Potential implications for contractors who choose to submit or not to submit data. Practical recommendations for crafting an effective response. To register for this webinar, click here . For additional information, please visit FortneyScott’s website , including recent developments and FortneyScott’s webinars and podcasts .
On Friday, June 27, 2025, OFCCP Director Catherine Eschbach issued a letter inviting federal contractors to voluntarily share with OFCCP how they have implemented program changes under Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity . Participation is entirely at the contractor’s discretion, including the content and format of such information and contractors have 90 days from date of the letter, or until Sept 25, to submit info into contractor portal. Submission instructions are available on OFCCP’s Contractor Portal . Director Eschbach’s letter further encourages federal contractors to provide: Confirmation that they have reviewed their EO 11246 affirmative action efforts; An assessment of whether employment or recruitment practices require modification; and If so, a description of the changes made and the steps taken to modify those practices. The letter then provides a list of the type of employment practices federal contractors should consider providing, to include: Trainings, sponsorship programs, leadership development programs, educational funding, or other privileges of employment available only to employees of a certain race or sex; Placement goals based on race or sex; Ratings by diversity organizations that graded employers on factors designed to promote the rise of non-white, non-male employees; Using applicants’ or employees’ participation in race- or sex-related (internal or external) groups or organizations as a “plus factor” or proxy for race or sex in employment and hiring decisions; Tying executive compensation to meeting race- or sex-based hiring, promotion, retention, representation, or other employee-demographic-related goals; Mandating courses, orientation programs, or trainings designed to emphasize and focus on racial stereotypes; and Encouraging employees to make recruitment efforts to or employment referrals of certain candidates based on race or sex. Director Eschbach concludes by recommending federal contractors consult the recent technical guidance by EEOC on what constitutes unlawful discrimination at work. FortneyScott is reaching out to DOL officials for further information. In the meantime, FortneyScott is actively advising clients on how to respond to this voluntary request. If you have any questions, please reach out to your FortneyScott attorney.
Executive Order 14173, Ending Illegal Discrimination and Restoring Merit-Based Opportunity , requires federal contractors to certify that their DEI programs comply with federal anti-discrimination laws. While some prime contractors have attempted to “flow down” this certification requirement to subcontractors, EO 14173 does not mandate such action. At present, subcontractors are not obligated to accept these flowed-down provisions. Additionally, under Executive Order 14275, Restoring Common Sense to Federal Procurement , amendments to the FAR/DFARS are expected, though no formal proposals have been issued to date. FortneyScott is closely tracking these developments and continues to advise clients as guidance evolves. For further information, please contact your FortneyScott attorney.
Special guest, Victoria Lipnic , former EEOC Commissioner and Acting Chair who now is a Partner at Resolution Economics and leader of the firm’s Human Capital Strategy Group, joins FortneyScott attorneys, David Fortney and H. Juanita Beecher, to discuss the latest EEOC developments. Under the leadership of President Trump’s Acting Chair Andrea Lucas, the EEOC has been busy implementing the Administration’s agenda. This has included President Trump’s Executive Orders announcing forebearance on disparate impact enforcement, focusing on “Illegal DEI,” removing guidance and materials relating to gender identity, and focusing on religious discrimination, anti-Semitism, and anti-Christian bias. We also will discuss the status of the two announced nominations for EEOC commissioners and staffing of critical positions at the agency.
The U.S. Department of Labor (DOL) has launched a new Opinion Letter Program , expanding its compliance assistance for workers, employers, and stakeholders seeking clarity on federal labor laws. This initiative enhances guidance on workplace legal requirements by providing official interpretations from five key enforcement agencies. FortneyScott has extensive experience securing opinion letters, and the Firm has successfully obtained significant DOL opinion letters in the past. What Employers Need to Know Through this program, employers can receive official written interpretations of labor laws as they apply to specific workplace situations. The following agencies will issue tailored guidance: Wage and Hour Division (WHD): Provides opinion letters on wage, hour, and employment law matters. Occupational Safety and Health Administration (OSHA): Issues letters of interpretation on workplace safety regulations. Employee Benefits Security Administration (EBSA): Publishes advisory opinions and information letters on employee benefits compliance. Veterans’ Employment and Training Service (VETS): Releases opinion letters related to veteran employment laws. Mine Safety and Health Administration (MSHA): Offers compliance assistance through the new MSHA Information Hub, featuring regulatory updates and training resources. Why It Matters Opinion letters provide clarity, consistency, and transparency in federal labor law enforcement. Employers can use them as reliable legal guidance to ensure adherence to wage, benefits, and safety requirements, reducing the risk of noncompliance and potential litigation. Deputy Secretary of Labor Keith Sonderling emphasized that “opinion letters are an important tool in ensuring workers and businesses alike have access to clear, practical guidance.” Next Steps for Employers To leverage this resource, employers can: Explore previously issued guidance . Contact your FortneyScott attorney should you need any assistance in submitting a request for an opinion letter or compliance guidance. This program presents a valuable opportunity for businesses to navigate complex employment laws with authoritative insights from federal agencies. Employers should consider requesting opinion letters when facing regulatory uncertainties to strengthen compliance efforts
On Thursday, June 5, 2025, from 2:00 to 3:00 p.m. ET, FortneyScott will host a webinar entitled, EEOC Update in Trump 2.0 . Join us for this practical, timely discussion designed to help HR professionals, in-house counsel, and business leaders navigate these challenging areas. As a special guest, Victoria Lipnic , former EEOC Commissioner and Acting Chair who now is a Partner at Resolution Economics and leader of the firm’s Human Capital Strategy Group, will join FortneyScott attorneys, David Fortney and H. Juanita Beecher, to discuss the latest EEOC developments. Under the leadership of President Trump’s Acting Chair Andrea Lucas, the EEOC has been busy implementing the Administration’s agenda. This has included President Trump’s Executive Orders announcing forebearance on disparate impact enforcement, focusing on “Illegal DEI,” removing guidance and materials relating to gender identity, and focusing on religious discrimination, anti-Semitism, and anti-Christian bias. We also will discuss the status of the two announced nominations for EEOC commissioners and staffing of critical positions at the agency. To register for this webinar, click here . For additional information, please visit FortneyScott’s website , including recent developments and FortneyScott’s webinars and podcasts .
