Study Guide

In July 2022, the DOJ released a Comprehensive Cyber Review report (the “Review”) summarizing its assessment of its own cyber-related activities and including recommendations focused on its cyber-centric “offensive” (i.e., cyber threat investigations and enforcement) and “defensive” (i.e., approaches to risk mitigation) activities. A key finding declared that “many of the cybersecurity provisions and standards set forth for federal contractors were found to be insufficiently rigorous.” The Review went on to note that where contractual cybersecurity standards were not met, the Department’s Civil Cyber-Fraud Initiative (CCFI), first announced in October 2021, would continue to utilize the False Claims Act (FCA) to pursue cybersecurity-related cases against government contractors and grant recipients. The Review comes on the heels of a recent FCA settlement with Aerojet Rocketdyne Inc. Many colleges, universities and independent research institutions are now in the midst of planning for enhanced research security obligations arising out of the January 2022 National Security Presidential Memorandum 33 Implementation Guidance (the “NSPM-33 Guidance”).

Read more

The Assistant Secretary for Export Enforcement Matthew S. Axelrod announced last week at the National Association of College and University Attorneys (NACUA) 2022 Annual Conference a new “Academic Outreach Initiative” by the Bureau of Industry and Security (BIS) at the Commerce Department. The Initiative is aimed at assisting universities, particularly those engaged in proprietary research, in developing and implementing an Export Management Compliance Program (EMCP) to ensure compliance with the Export Administration Regulations (EAR).