Government Contractor Cybersecurity

Contractors seeking to do business with the federal government face increasing obligations to adhere to a growing body of cybersecurity regulations and manage their risk liabilities. Greenberg Traurig’s Government Contractor Cybersecurity Group comprises lawyers who are intimately familiar with the complex challenges facing government contractors across various industries and experienced in doing business with defense and civilian agencies. We advise prime contractors, subcontractors, international companies, nontraditional contractors, and other participants in the vast federal contracting network on how to meet critical cybersecurity obligations, manage supply chain risks, respond to investigations, and resolve claims and disputes.

Our team provides strategic guidance based on each client’s contracting and compliance posture, and we work closely with each client to provide practical and scalable strategies. We also help contractors navigate any duplicative or even conflicting obligations under disparate statutory frameworks or regulations.

We work closely with our Greenberg Traurig International Trade, Export Controls & Economic Sanctions, and Data Privacy & Cybersecurity colleagues to help our clients meet their evolving and nuanced cybersecurity needs.

Our team assists clients with:

  • Navigating specific programs and regulatory requirements including:
    • Cybersecurity Maturity Model Certification (CMMC) Program
    • Federal Risk and Authorization Management Program (FedRAMP)
    • FAR Controlled Unclassified Information (CUI) Rule
    • DOJ’s Data Security Program (DSP) Rule
    • Various National Institute of Standards and Technology (NIST) special publications
  • Establishing organization-wide (and affiliate or subsidiary) compliance programs, policies, and procedures to implement government contractor-specific cybersecurity requirements.
  • Implementing processes to “know your data” within contractors’ systems and across respective suppliers and vendors, including cross-border data flows.
  • Complying with agency-specific information security controls and reporting requirements.
  • Responding to and remediating security incidents, including making notifications to government authorities, conducting internal investigations, working with leading industry forensic analysts, and implementing necessary security enhancement measures.
  • Assessing and making disclosures (mandatory and voluntary) to federal agencies, other legal authorities, and contracting partners.
  • Responding to government requests for information or investigative demands, including defense of False Claims Act (FCA) lawsuits and qui tam complaints.
  • Seeking costs and equitable price adjustments to account for the implementation of cybersecurity measures.
  • Conducting due diligence on cybersecurity, export control, and related matters in mergers, acquisitions, or other transactions involving government contracts.

More information on our Government Contractor Cybersecurity services:

  • Advice on:
    • Scoping self- and third-party assessments
    • Drafting policies, procedures, and system security plans
    • Managing risk and expectations up or down the supply chain
    • Conducting internal investigations
    • Responding to government requests for information and investigative demands
    • CMMC cost allowability
  • Advice on:
    • Current and emerging obligations under the FAR CUI Rule
    • Scoping and safeguarding CUI
    • Developing CUI policies
    • Preparing and conducting trainings
    • Handling CUI during M&A due diligence
  • Advice on:
    • Authorizations and assessments
    • Navigating the corrective action process
    • Relationship to CMMC and CUI compliance requirements
  • Advice on:
    • Managing supply chain risk and agency requirements
    • Contract drafting and negotiations, including in pre-award and post-award contexts
    • Scoping vendor and other third-party access to information systems
    • Negotiating compliance visibility throughout the supply chain
    • Claims and dispute resolution
  • Advice on:
    • Data incident response obligations and deadlines
    • Notifications to the government and other impacted parties
    • Written incident response plans and trainings
    • Tabletop exercises and governance structures
  • Advice on:
    • Audits and internal investigations
    • Responses to investigative demands
    • Qui tam litigation
    • Mandatory and voluntary disclosures