Photo of Alex Major

Mr. Major is a partner and co-leader of the firm’s Government Contracts & Export Controls Practice Group. Mr. Major focuses his practice on federal procurement, cybersecurity liability and risk management, and litigation. A prolific author and thought leader in the area of cybersecurity, his professional experience involves a wide variety of litigation and counseling matters dealing with procurement laws and federal regulations and standards . His diverse experience includes complex litigation in federal court under the qui tam provisions of the False Claims Act and bid protest actions. He counsels all sizes of companies on issues relating to compliance with government regulations including, among other things, cybersecurity (NIST, FIPS, FedRAMP, and DFARS) requirements, multiple award schedule compliance, Section 508 issues, country of origin requirements under the Buy American and Trade Agreements Acts, cost accounting, and small business requirements. He also regularly conducts internal investigations to assist companies ensure that they are in full compliance with the law.

For those who grew up gripping a joystick and dodging alien fire in Defender, riding ostriches through floating platforms in Joust, or crossing a hectic freeway in Frogger, winning wasn’t about memorizing rules; it was about adapting fast, reading the patterns, and leveling up. That same urgency now applies to federal information and communication technology (ICT) contractors. A sweeping overhaul of FAR Part 39 has just been released, and while it may not blink and beep like a cabinet in a darkened arcade, it’s just as demanding. There’s no attract mode here. The game has already started.Continue Reading FAR 2.0 Part 39 in Arcade Mode—How Federal IT Acquisition Just Hit Reset

On June 6, 2025, President Trump issued a new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (EO), signaling the construction of a fortified cyber defense across federal operations. This directive updates the nation’s digital stronghold, modernizing risk management, defending against quantum and artificial intelligence (AI) threats, and drawing sharper lines in the battle against foreign cyber adversaries. For technology companies and federal suppliers, this is a clarion call to reinforce their digital walls and sharpen their defenses. Agencies will soon build these secure-by-design principles into every contract and procurement decision. In this era of fortress-building, failing to meet these standards not only will leave your gates unguarded but also could bar you from the entire federal marketplace. The EO may read like ordinary policy, but don’t be misled: It’s a direct command for companies to strengthen their cyber defenses or be locked out of federal opportunities altogether.Continue Reading Building the Cyber Fortress: New Cybersecurity Executive Order Targets Quantum, AI, and Supply Chain Security

The Department of Defense (DoD) is revving its engines again—this time to rocket past its own software acquisition drag. Launched via an April 24 memo from Acting DoD CIO Katie Arrington, the DoD’s Software Fast Track (SWFT) Initiative entered a 90‑day sprint to redefine Accelerating the Authority to Operate (ATOs), aiming to replace the outdated Risk Management Framework (RMF) with AI‑enabled, continuous compliance workflows. Officially live on June 1, 2025, SWFT isn’t a fully cleared runway—it’s a mission in motion, with Requests for Information (RFIs) out and industry poised to respond. But the real turbulence won’t be technical—it’ll be cultural: Can Pentagon policy and personnel move at Top Gun pace?Continue Reading The Need for Speed: DoD’s “Software Fast Track” Targets Bureaucracy at Mach 2

Beware the Jabberwock, my son! The jaws that bite! The claws that catch!”

– Lewis Carroll: “Jabberwocky,” Through the Looking-Glass, and What Alice Found There (1872)

There is a growing sense of confusion and unease among many federal contractors and grant recipients in these early days of the second Trump administration. In a time when some agencies face dislocation and downsizing (or, as with USAID, effective disbandment), contractors may feel like Alice stepping through the Looking Glass into a world strangely inverted from the one they knew. This shift is especially evident in the administration’s rejection of seemingly all diversity, equity, and inclusion (DEI) policies—long used to prevent discrimination, comply with civil rights laws, and foster inclusive environments in the American workforce.Continue Reading Through the Looking Glass: Shifting DEI Standards Expose Contractors to False Claims Act Risk

On April 15, 2025, President Trump issued a sweeping executive order (EO), “Restoring Common Sense to Federal Procurement.” As reflected in its accompanying Fact Sheet, the EO promises to rewrite the Federal Acquisition Regulation (FAR), eliminate most non-statutory provisions, and usher in the “most agile, effective, and efficient procurement system possible.” As the first comprehensive overhaul of the FAR in its nearly 40-year history, the forthcoming changes may dramatically reshape how businesses of all stripes engage with the federal government. But beyond its big promises and patriotic flair, the proposed overhaul raises critical questions: Can it really be done in six months? What happens to the thousands of existing regulations around which contractors have built compliance programs?Continue Reading Hold My Beer: The Trump Administration’s Bold Plan to Rewrite the FAR

On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed that contractors must continue complying with Revision 2 thanks to a previously issued class deviation. What does this mean in plain terms? The DoD is slowly pulling back the curtain on the next major shift in cybersecurity compliance. Still, the full prestige hasn’t happened yet.Continue Reading The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters

As St. Patrick’s Day approaches, many of us are on the lookout for four-leaf clovers, a pot of gold, or perhaps even a mischievous leprechaun guarding his treasure. But in the world of government contracting, the real tricksters aren’t wearing green coats and buckled shoes—and there is no gold at the end of the procurement rainbow. Instead, that pot is full of the recently announced tariffs. Effective March 4, 2025, the Trump administration imposed 25 percent tariffs on Mexican and Canadian imports (exclusive of Canada energy imports, where there is a 10 percent tariff) and a 20 percent tariff on Chinese products. While economists, pundits, and the stock market will all have their say on the wisdom behind these actions, such prognostication is of little help to federal contractors who are forced to deal with the very real effects right now.Continue Reading Tariffs, Leprechauns, and Contract Gold: Navigating the Hidden Costs of Trade Policies

Amid the chaos of the past few weeks—sweeping executive orders, relentless cost-cutting, and an air of uncertainty that lingers like smoke after a fire—federal contractors have been left reeling, straining to hear what comes next through the deafening noise. In this storm, predicting the future is as futile as fortune-telling. And yet beneath the shouts of change and upheaval, one truth remains, a whisper through the screams—some things, especially those that serve the government’s interests, are not going anywhere.Continue Reading Whisper Through the Screams: DOJ Commits to False Claims Act Enforcement in 2025

After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the Proposed Rule). Published in the Federal Register on January 15, 2025 (90 FR 4278), the Proposed Rule (stemming from FAR Case 2017-016) has been a long time coming and is intended to establish a government-wide standard for managing sensitive information, ensuring CUI uniformity and consistency across all agencies and federal contracts.Continue Reading They Did It. They Really Did It! The Arrival of the FAR CUI Proposed Rule

In Part I of this series we introduced readers to what Controlled Unclassified Information (CUI) is understood to consist of under the CUI Program at 32 CFR pt. 2002, differentiating and safeguarding CUI, CUI Program Authority and Control, and CUI policy as promulgated under the U.S. Department of Defense CUI Program. (See 66 GC ¶