Department of Defense

On April 9, 2025, President Trump issued an Executive Order (“EO”), “Modernizing Defense Acquisitions and Spurring Innovation In the Defense Industrial Base,” that may have significant implications for federal government contractors doing business with the Department of Defense (“DoD”), and particularly those with touchpoints to Major Defense Acquisition Programs (“MDAPs”).

The EO requires DoD to take a number of actions, including:

  • Within 60 days (i.e., June 8th), the Secretary of Defense must submit to the President a plan to reform the DoD acquisition process to eliminate inefficiencies.  The plan must prioritize commercial solutions and the use of Other Transactions Authority (“OTA”) agreements and Rapid Capabilities Office mechanisms.  The plan must also eliminate redundant tasks and approvals, centralize decision-making, and incorporate effective risk management for all acquisition programs through a governance structure referred to as a Configuration Steering Board. 
  • Under no specified timeline, DoD is generally directed to revise internal regulations and implementation guidance — including the DoD Financial Management Regulation and the Defense Federal Acquisition Regulation Supplement — utilizing the principle from the “Unleashing Prosperity Through Deregulation” EO (Jan. 31, 2025) that for every new regulation proposed, ten existing regulations should be repealed.
  • Within 90 days (i.e., July 8th)the Secretary of Defense must review all MDAPs and consider for “potential cancellation” programs that are: (1) more than 15% behind schedule; (2) more than 15% above cost; (3) “unable to meet key performance parameters”; or (4) otherwise not aligned with DoD mission priorities.  Following this review of MDAPs, the Secretary of Defense will conduct a similar review for all remaining major systems.
  • Within 120 days (i.e. August 7th)the Secretary of Defense, in collaboration with the Military Departments, must propose a plan to overhaul the defense acquisition workforce by restructuring performance metrics, assessing workforce sizing requirements, and deploying expert-led field training teams to enhance familiarity with innovative acquisition authorities.  These reforms are intended to incentivize prudent risk-taking and expand the workforce’s fluency in commercial solutions and adaptive acquisition strategies.  
  • Within 180 days (i.e., October 6th), the Secretary of Defense, acting through the Deputy Secretary of Defense, the Secretaries of the Military Departments and the Joint Chiefs of Staff, must complete a comprehensive review of the Joint Capabilities Integration and Development System (“JCIDS”), with the aim of streamlining and accelerating acquisition.[1] 

We address the EO’s directives for acquisition process reform and MDAP review in greater detail below. Continue Reading Trump Administration Issues Executive Order Aimed At Modernizing Defense Acquisitions And Spurring Innovation

President Trump recently issued two separate Executive Orders (EOs) that will have implications for how federal agencies seek to promote the administration’s goal of attracting domestic and foreign investment to industrial projects in the United States, with particular implications for the semiconductor and critical minerals industries. 

  1. An EO on March 31st establishes an “Investment Accelerator” office within the Department of Commerce that will be responsible for overseeing the implementation of the CHIPS Program—including the negotiation of agreements under the CHIPS Act.  This office will also provide technical and regulatory support for investors, and seek to facilitate research collaborations between private industry and national labs. 
  2. An earlier EO issued on March 20th seeks to mobilize federal lending and leasing authorities at the Department of Defense (DoD), the U.S. International Development Finance Corporation (DFC), and other federal agencies to support the development of domestic critical mineral projects.  Per an accompanying fact sheet, the White House is taking a broad interpretation of covered minerals under this March 20th Order and will seek to include materials such as coal. 

Both EOs are notable efforts by the White House to align federal spending and financial assistance programs with the Trump Administration’s priorities, which have variously included calls to promote self-sufficiency in critical materials and promoting “energy independence” and “energy dominance.”  These efforts come against a backdrop under which the Administration is also pursuing the use of tariffs to promote U.S. manufacturing, and taking steps to review and in some cases modify or terminate infrastructure or energy-related grants from the Biden-era.  More details are provided below.  Continue Reading Trump Administration Issues Executive Orders that Seek to Shape CHIPS Program and Promote Domestic Mineral Production

This is the first blog in a series covering the Fiscal Year 2025 National Defense Authorization Act (“FY 2025 NDAA”).  This first blog will cover: (1) NDAA sections affecting acquisition policy and contract administration that may be of greatest interest to government contractors; (2) initiatives that underscore Congress’s commitment to strengthening cybersecurity, both domestically and internationally; and (3) NDAA provisions that aim to accelerate the Department of Defense’s adoption of AI and Autonomous Systems and counter efforts by U.S. adversaries to subvert them. 

Future posts in this series will address NDAA provisions targeting China, supply chain and stockpile security, the revitalized Administrative False Claims Act, and Congress’s effort to mature the Office of Strategic Capital and leverage private investment to accelerate the development of critical technologies and strengthen the defense industrial base.  Subscribe to our blog here so that you do not miss these updates.

FY 2025 NDAA Overview

On December 23, 2025, President Biden signed the FY 2025 NDAA into law.  The FY 2025 NDAA authorizes $895.2 billion in funding for the Department of Defense (“DoD”) and Department of Energy national security programs—a $9 billion or 1 percent increase over 2024.  NDAA authorizations have traditionally served as a reliable indicator of congressional sentiment on final defense appropriations. 

FY 2025 marks the 64th consecutive year in which an NDAA has been enacted, reflecting its status as “must-pass” legislation.  As in prior years, the NDAA has been used as a legislative vehicle to incorporate other measures, including the FY 2025 Department of State and Intelligence Authorization Acts, as well as provisions related to the Departments of Justice, Homeland Security, and Veterans Affairs, among others.

Below are select provisions of interest to companies across industries that engage in U.S. Government contracting, including defense contractors, technology providers, life sciences firms, and commercial-item suppliers.Continue Reading President Biden signs the National Defense Authorization Act for Fiscal Year 2025

This is part of a series of Covington blogs on the implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through October 2024.  This blog describes key actions taken to implement the Cyber EO, the U.S. National Cybersecurity Strategy, and other actions taken that support their general principles during November 2024. 

National Institute of Standards and Technology (“NIST”) Publishes Draft “Enhanced Security Requirements for Protecting Controlled Unclassified Information”

On November 13, 2024, NIST published a draft of Special Publication (“SP”) 800-172 Rev. 3 that “provides recommended security requirements to protect the confidentiality, integrity, and availability of [Controlled Unclassified Information] when it is resident in a nonfederal system and organization and is associated with a high value asset or critical program.”  In particular, the draft requirements “give organizations the capability to achieve a multidimensional, defense-in-depth protection strategy against advanced persistent threats . . . and help to ensure the resiliency of systems and organizations.”  The draft requirements “are intended for use by federal agencies in contractual vehicles or other agreements between those agencies and nonfederal organizations.”  In the publication, NIST stated that it does not expect that all requirements are needed “universally.”  Instead, the draft requirements are intended to be “selected by federal agencies based on specific mission needs and risks.”

These requirements serve as a supplement to NIST SP 800-171, and apply to particular high-risk entities.  To that end, the current version of this NIST SP 800-172 (i.e., Rev. 2) is used by the U.S. Department of Defense (“DoD”) for its forthcoming Cybersecurity Maturity Model Certification (“CMMC”) program, which we discussed in more detail here.  Specifically, contractors must implement twenty-four controls that DoD selected from SP 800-172 Rev. 2 in order to obtain the highest level of certification – Level 3.  Just as the CMMC Final Rule incorporated Rev. 2 of SP 800-171 (rather than Rev. 3), the CMMC program will not immediately incorporate SP 800-172 Rev. 3 requirements.  However, the draft requirements provide insight into how CMMC could evolve.Continue Reading November 2024 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

On Tuesday, October 22, 2024, Pennsylvania State University (“Penn State”) reached a settlement with the Department of Justice (“DoJ”), agreeing to pay the US Government (“USG”) $1.25M for alleged cybersecurity compliance violations under the False Claims Act (“FCA”).  This settlement follows a qui tam action filed by a whistleblower and former employee of Penn State’s Applied Research Laboratory.  The settlement agreement provides some additional insight into the priorities of DoJ’s Civil Cyber Fraud Initiative (“CFI”) and the types of cybersecurity issues of interest to the Department.  It also highlights the extent to which DoJ is focusing on the full range of cybersecurity compliance obligations that exist in a company’s contract in enforcement actions.

DoJ’s Civil Cyber-Fraud Initiative

On October 6, 2021, following a series of ransomware and other cyberattacks on government contractors and other public and private entities, DoJ announced the CFI.  We covered the CFI as it was first announced in more detail here, and in a comprehensive separately published article here.  As explained by Deputy Attorney General Lisa Monaco and other DoJ officials, DoJ is using the civil FCA to pursue government contractors and grantees that fail to comply with mandatory cyber incident reporting requirements and other regulatory or contractual cybersecurity requirements.  Moreover, depending on the facts, DoJ Criminal likely will be interested in some of these cases.

About the Settlement

On October 5, 2022, a relator – the former chief information officer for Penn State’s Applied Research Laboratory – filed a qui tam action in the United States District Court of the Eastern District of Pennsylvania.  The relator alleged in an amended complaint from 2023 that he discovered and raised non-compliance issues, which Penn State management did not address, and that Penn State falsified compliance documentation.  On October 23, 2024, DoJ formally intervened and notified the court that it reached a settlement agreement with Penn State.  The settlement agreement alleges that Penn State violated the FCA by failing to implement adequate safeguards and to meet cybersecurity requirements set forth under National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.”  As set forth in the settlement agreement, these issues related to fifteen contracts and subcontracts involving the Department of Defense (“DoD”) and the National Aeronautics and Space Administration (“NASA”) between January 2018 and November 2023. Continue Reading Penn State Agrees to Pay $1.25M in Settlement for Cybersecurity Non-Compliance False Claims Act Allegations

Following our recent overview of key topics to watch in the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2024, available here, we continue our coverage with a “deep dive” into NDAA provisions related to the People’s Republic of China (“China” or “PRC”) in each of the House and Senate bills.  DoD’s focus on strengthening U.S. deterrence and competitive positioning vis-à-vis China features prominently in the 2022 National Defense Strategy (“NDS”) and in recent national security discourse.  This focus is shared by the Select Committee on Strategic Competition Between the United States and the Chinese Communist Party (“Select Committee”), led by Chairman Mike Gallagher (R-WI) and Ranking Member Raja Krishnamoorthi (D-IL). 

It is no surprise, then, that House and Senate versions of the NDAA include hundreds of provisions—leveraging all elements of national power—intended to address what the NDS brands as China’s “pacing” challenge, including many grounded in Select Committee policy recommendations.  Because the NDAA is viewed as “must-pass” legislation, it has served in past years as a vehicle through which other bills not directly related to DoD are enacted in law.  In one respect, this year is no different—the Senate version of the NDAA incorporates both the Department of State and Intelligence 2024 Authorization bills, each of which includes provisions related to China. 

To get a flavor of the approach to China in this year’s NDAA, look no further than the “Ending China’s Developing Nation Status Act” in Section 1399L of the Senate bill, which would require U.S. opposition to granting China “developing nation” status in treaties under negotiation and by international organizations of which the U.S. and China are members, such as the World Trade Organization.  Classification as a “developing nation” affords China access to preferential loans and other economic benefits intended to increase trading opportunities, notwithstanding its current status as an upper-middle income country (as determined by the World Bank), and the world’s second largest economy, trailing only the U.S.  Not to be outdone, Section 155 of the House bill contains a provision mandating expedited deployment of advanced radars to track high-altitude balloons and other potential threats to the U.S., in direct response to the incident earlier this year in which a Chinese balloon flew across the U.S. before being shot down by the Air Force.

Given these provisions, and many more (some we discuss below), this year’s NDAA strikes us as different.  It incorporates many more China-related provisions and many of these would impose greater obligations on government contractors to limit their interactions with the PRC and entities affiliated with the PRC Government.  Whether the laundry list of China-related provisions in the current NDAA survive, and in what form, will be determined by the conference process currently underway.  But these provisions have the potential to impose significant near-term burdens on contractors—requiring them to assess their obligations and make adjustments to ensure compliance.  Indeed, these provisions may be far more disruptive than requirements imposed by prior year NDAA China provisions that contractors have navigated by reassessing supply chains and increasing due diligence.  All government contractors and suppliers to government contractors with any connection to China would be well advised to monitor how the NDAA conference approaches resolution of this legislation over the coming months.Continue Reading Not to Be Outpaced: NDAA Presents Measures Addressing China

This is the twenty-sixth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken

Continue Reading June 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

The House of Representatives is now considering the Fiscal Year 2015 National Defense Authorization Act (NDAA). The House Armed Services Committee (HASC) reported out the $513 billion measure on May 7th rejecting many of the Administration’s requests including reduction in military pay raise, authority for the base closures, as well
Continue Reading Battle Over Defense Legislation