Now that the final Cybersecurity Maturity Model Certification (CMMC) Program and Procurement Rules have been issued by the Department of War (DoW) (see our CMMC Toolkit for in-depth analysis of these Rules) and the CMMC Program is set to begin in earnest, there is some uncertainty in industry as to
Continue Reading How Will DoW Determine Which Level of CMMC Applies to My Agreement?
Cybersecurity Maturity Model Certification (CMMC) Program Procurement Final Rule Announced
This blog post discusses the Department of Defense’s (“DoD”) new cybersecurity rule that imposes certain cybersecurity requirements on relevant DoD contractors and subcontractors. The post will be of interest to all DoD contractors, subcontractors, and possibly affiliates of contractors that may be impacted by the new rule’s cybersecurity requirements.
On September 10, 2025, DoD published the final version of the Cybersecurity Maturity Model Certification (“CMMC”) Defense Federal Acquisition Regulation Supplement (“DFARS”) Procurement Rule (“Procurement Rule” or “Rule”) in the Federal Register. This Rule imposes the contractual requirements associated with the CMMC Program Rule that was published in final form in October 2024. The Procurement Rule will become effective sixty days after publication, on November 10, 2025 and will be implemented in a phased approach. Continue Reading Cybersecurity Maturity Model Certification (CMMC) Program Procurement Final Rule Announced
Opportunities for Advanced Energy Partnerships in the 2nd Trump Administration
Though the 2nd Trump Administration has dramatically turned away from the energy and industrial policies of the Biden Administration, private-sector proponents of advanced energy projects may still find opportunities to partner with the federal government on certain Research and Development (R&D) or commercialization projects in the energy sector.
Since January 2025, nearly all corners of the federal government have sought to terminate federal grants, loans, and contracts that the Trump Administration has determined are out of step with the government’s revised priorities (such as in the case of various clean energy focused programs or decarbonization initiatives). Nonetheless, federal agencies have also announced new initiatives providing both financial and non-financial benefits for energy projects that the Trump Administration continues to support. In particular, there are significant opportunities available for developers of nuclear energy, critical minerals, and geothermal projects, as detailed further below. Continue Reading Opportunities for Advanced Energy Partnerships in the 2nd Trump Administration
July 2025 Cybersecurity Developments Under the Trump Administration
This is the sixth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration. The fifth blog is available here and our initial blog is available here. This blog describes key cybersecurity developments that took place in July 2025.
Continue Reading July 2025 Cybersecurity Developments Under the Trump AdministrationRecent Cybersecurity FCA Settlement Demonstrates Heightened FCA Risk to Government Contractors
On July 14, 2025, the U.S. Department of Justice (DoJ) and General Services Administration (GSA) announced a $14.75 million settlement of Civil False Claims Act allegations against IT company Hill ASC Inc. (Hill). This settlement is consistent with the current Administration’s focus on “fraud, waste, and abuse” in government procurement and the recent DoJ FCA initiative focused on cybersecurity fraud. This also follows the Department’s Criminal Division announcement of corporate procurement fraud as an enforcement priority.
The government alleged that between 2018 and 2023 Hill provided information technology services to federal agencies through the GSA’s Multiple Award Schedule (MAS) program. The settlement resolved allegations that: (i) Hill billed federal agencies for information technology personnel who lacked the experience and/or education required under the contract; (ii) Hill had not passed GSA’s required technical evaluations for contractors who sought to offer highly adaptive cybersecurity services to government customers; (iii) Hill submitted claims for cybersecurity services and other services that were not within the scope of the contract; and (iv) Hill charged the government for unapproved fees, failed to provide government customers with required information about discounts for prompt payment, and included unallowable incentive compensation in a cost submission in connection with a new contract proposal (which the settlement agreement acknowledges that Hill withdrew before any contract based on the proposal was awarded.)
To settle these allegations, Hill agreed to pay $14.75 million “plus additional amounts if certain financial contingencies occur.” The settlement imposes additional financial requirements including that Hill pay the United States 2.5% of its annual gross revenue that exceeds $18,800,000.00 from January 1, 2026 to December 31, 2029 (named the “Revenue Contingency Period”). It appears that the amount of damages initially sought by the government was higher because DoJ noted that the settlement amount was based on “the company’s ability to pay.” Continue Reading Recent Cybersecurity FCA Settlement Demonstrates Heightened FCA Risk to Government Contractors
Trump Administration Issues AI Action Plan and Series of AI Executive Orders
On July 23, the White House released its AI Action Plan, outlining the key priorities of the Trump Administration’s AI policy agenda. In parallel, President Trump signed three AI executive orders directing the Executive Branch to implement the AI Action Plan’s policies on “Preventing Woke AI in
Continue Reading Trump Administration Issues AI Action Plan and Series of AI Executive OrdersJune 2025 Cybersecurity Developments Under the Trump Administration
This is the fifth blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the Trump Administration. The fourth blog is available here and our initial blog is available here. This blog describes key cybersecurity developments that took place in June 2025.
White House Issues New Cybersecurity Executive Order
On June 6, President Trump issued an Executive Order (“Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144”) (the Order) that modifies certain initiatives in prior Executive Orders issued by Presidents Obama and Biden and highlights key cybersecurity priorities for the current Administration. We wrote about the Order in additional detail here.
At a high level, the Order: (i) directs that existing federal government regulations and policy be revised to focus on securing third-party software supply chains, quantum cryptography, artificial intelligence, and Internet of Things (IoT) devices; and (ii) more expressly focuses cybersecurity-related sanctions authorities on “foreign” persons. Although the Order makes certain changes to prior cybersecurity related Executive Orders issued under previous administrations, it generally leaves the framework of those Executive Orders in place. For example, the Order removes certain requirements relating to the form of attestations (i.e., removing the requirement for machine readable format), as well as the directive for centralized validation of software attestations by the Cybersecurity and Infrastructure Agency (CISA). Likewise, the associated directive to the Federal Acquisition Regulatory Council to amend the Federal Acquisition Regulation to incorporate those requirements has also been eliminated. However, the Order appears to leave the core program in place. Further, it does not appear to modify other cybersecurity Executive Orders beyond those specified. To that end, although the Order highlights some areas where the Trump administration has taken a different approach than prior administrations, it also signals a more general alignment between administrations on core cybersecurity principles. Continue Reading June 2025 Cybersecurity Developments Under the Trump Administration
GAO: DCAA Built a Valuable Bench of Independent Public Accountants, Now What?
The Government Accountability Office (“GAO”) released a report on the Defense Contract Audit Agency’s (“DCAA”) past and future use of private-sector, independent public accountants to augment its auditor workforce. The initiative—approved under Section 803 of the Fiscal Year (“FY”) 2018 National Defense Authorization Act (“NDAA”)—began in fiscal year 2020 and
Continue Reading GAO: DCAA Built a Valuable Bench of Independent Public Accountants, Now What?April 2025 Cybersecurity Developments Under the Trump Administration
This is the third blog in a series of Covington blogs on cybersecurity policies, executive orders (“EOs”), and other actions of the new Trump Administration. This blog describes key cybersecurity developments that took place in April 2025.
NIST Publishes Initial Draft of Guidance for High Performance Computing Systems
U.S. National
Continue Reading April 2025 Cybersecurity Developments Under the Trump AdministrationApril 2025 AI Developments Under the Trump Administration
This is part of an ongoing series of Covington blogs on the AI policies, executive orders, and other actions of the Trump Administration. This blog describes AI actions taken by the Trump Administration in April 2025, and prior articles in this series are available here.
White House OMB Issues AI Use & Procurement Requirements for Federal Agencies
On April 3, the White House Office of Management & Budget (“OMB”) issued two memoranda on the use and procurement of AI by federal agencies: Memorandum M-25-21 on Accelerating Federal Use of AI through Innovation, Governance, and Public Trust (“OMB AI Use Memo“) and Memorandum M-25-22 on Driving Efficient Acquisition of Artificial Intelligence in Government (“OMB AI Procurement Memo”). The two memos partially implement President Trump’s January 23 Executive Order 14179 on “Removing Barriers to American Leadership in Artificial Intelligence,” which, among other things, directs OMB to revise the Biden OMB AI Memos to align with the AI EO’s policy of “sustain[ing] and enhance[ing] America’s global AI dominance.” The OMB AI Use Memo outlines agency governance and risk management requirements for the use of AI, including AI use case inventories and generative AI policies, and establishes “minimum risk management practices” for “high-impact AI use cases.” The OMB AI Procurement Memo establishes requirements for agency AI procurement, including preferences for AI “developed and produced in the United States” and contract terms to protect government data and prevent vendor lock-in. According to the White House’s fact sheet, the OMB Memos, which rescind and replace AI use and procurement memos issued under President Biden’s Executive Order 14110, shift U.S. AI policy to a “forward-leaning, pro-innovation, and pro-competition mindset” that will make agencies “more agile, cost-effective, and efficient.”
Department of Energy Announces Federal Sites for AI Data Center Construction
On April 3, the Department of Energy (“DOE”) issued a Request for Information (“RFI”) on AI Infrastructure on federal lands owned or managed by DOE. The RFI seeks comment from “entities with experience in the development, operation, and management of AI infrastructure,” along with other stakeholders, on a range of topics, including potential data center designs, technologies, and operational models, potential power needs and timelines for data centers, and related financial or contractual considerations. As part of the RFI, DOE announced 16 potential DOE sites for “rapid [AI] data center construction,” with the goal of initiating data center construction by the end of 2025 and commencing data center operation by the end of 2027 through public-private partnerships. The comment period for the RFI closed on May 7, 2025.
President Trump Issues Executive Order on Coal-Powered AI Infrastructure
On April 8, President Trump issued Executive Order 14261, titled “Reinvigorating America’s Beautiful Clean Coal Industry,” directing the Departments of Agriculture, Energy, and the Interior to identify coal resources and reserves on Federal lands for mining by public or private actors, prioritize and expedite leases for coal mining on Federal lands, and rescind regulations that discourage investments in coal production, among other things. The Executive Order also directs the Departments of Commerce, Energy, and the Interior to identify regions with suitable coal-powered infrastructure for AI data centers, assess the potential for expanding coal-powered infrastructure to meet AI data center electricity needs, and submit a report of findings and proposals to the White House National Energy Dominance Council, Assistant to the President for Science & Technology, and Special Advisor for AI and Crypto by June 7, 2025.
House CCP Committee Releases Report on DeepSeek Concerns
On April 16, the House Select Committee on the Chinese Communist Party released its report on DeepSeek and its AI platform, titled DeepSeek Unmasked: Exposing the CCP’s Latest Tool for Spying, Stealing, and Subverting U.S. Export Control Restrictions. Stating that DeepSeek “represents a profound threat to our nation’s security,” the report found that DeepSeek sends U.S. data to the Chinese government and manipulates chatbot outputs to “align with the CCP’s ideological and political objectives.” The report also found that it was “highly likely” that DeepSeek used model distillation techniques to extract reasoning outputs and copy leading U.S. AI model capabilities in order to expedite development. The report further found that DeepSeek violated U.S. semiconductor export controls. The report called on the U.S. to expand export controls and improve enforcement, in addition to preparing for “strategic surprise” arising from rapid advancements in Chinese AI. Ultimately, the report may help to accelerate possible U.S. Government bans on DeepSeek along the lines of the Kansas ban discussed below.Continue Reading April 2025 AI Developments Under the Trump Administration