Photo of Alex Major

Mr. Major is a partner and co-leader of the firm’s Government Contracts & Export Controls Practice Group. Mr. Major focuses his practice on federal procurement, cybersecurity liability and risk management, and litigation. A prolific author and thought leader in the area of cybersecurity, his professional experience involves a wide variety of litigation and counseling matters dealing with procurement laws and federal regulations and standards . His diverse experience includes complex litigation in federal court under the qui tam provisions of the False Claims Act and bid protest actions. He counsels all sizes of companies on issues relating to compliance with government regulations including, among other things, cybersecurity (NIST, FIPS, FedRAMP, and DFARS) requirements, multiple award schedule compliance, Section 508 issues, country of origin requirements under the Buy American and Trade Agreements Acts, cost accounting, and small business requirements. He also regularly conducts internal investigations to assist companies ensure that they are in full compliance with the law.

DoD’s recent efforts to address cybersecurity have caused confusion and chaos for Government contractors. As we all know, cybersecurity is an issue that is impossible to ignore, and the sobering reality is that compliance with federal cybersecurity requirements is critical to avoiding catastrophic liability. Recently, McCarter & English Government Contracts and Export Controls co-leaders Alex

Cough…cough…ahem…cough… Any contractor who has had the misfortune of dealing with the Defense Contract Audit Agency (DCAA) likely knows all too well that the agency is the Will Rogers of costs – it never met a cost it didn’t question.  Indeed, DCAA auditors typically question costs with reckless abandon and based often on a patent misreading of applicable regulations.  The net effect, of course, is that contractors have to expend significant time and money trying to explain to boards and courts why DCAA’s auditors are…uh…incorrect as a matter of fact and law.  A recent Memorandum for Regional Directors (MRD) provides some transparency into why this sort of thing happens with unfortunate regularity. Issued on May 14, 2019, the MRD (No. 19-PAC-002(R)), corrects…er…“revises” internal guidance issued in 2014 and 2015 relating to the identification of expressly unallowable costs.  The newly issued memo sets out DCAA’s current stance on identifying expressly unallowable costs under the cost principles codified at Federal Acquisition Regulation (FAR) Part 31 and Defense Federal Acquisition Regulation Supplement (DFARS) Part 231.  This MRD – like all MRDs – is intended to be used as a tool by well-meaning (but often overzealous) auditors when reviewing a contractor’s compliance with federal cost principles.  Contractors should, thus, pay careful attention to this MRD in order to be prepared for questions that may arise during DCAA-led frolics and detours.

Continue Reading

Cybersecurity. It’s never over, is it? In what can only be described as a “soft” release, the Department of Defense (DoD) has slowly and quietly begun to reveal its intent to provide federal contractors with formal cybersecurity certification as early as next year. The program, known as the Cybersecurity Maturity Model Certification (CMMC), is an effort to streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for forthcoming acquisitions.

Continue Reading

On May 22nd, Practice Group Co-Leaders Franklin Turner and Alexander Major delivered a presentation on Effectively Prosecuting Contract Claims Against the Government to attendees at the annual Native Hawaiian Organizations Association Business Summit in Honolulu, Hawaii. After the presentation, Franklin and Alex also hosted a legal Q&A session for contractors of all sizes.

On Dec. 4, 2018, the Federal Acquisition Regulatory Council finally released a proposed rule to implement changes to certain small business subcontracting regulations required by the 2013 National Defense Authorization Act (NDAA). 83 Fed. Reg. 62540 (Dec. 4, 2018). This is a welcome, if not long-overdue sign of progress. Over the last half-decade since the

Here we are again. Large swaths of the federal government have been closed since December 22 because Congress and the president cannot agree on legislation to fund the government. Nearly a million federal employees are not receiving their paychecks. Even larger numbers of government contractors are – as is often the case – left squarely at the bottom of the hill, dodging the boulders of political mismanagement that are raining down in a landslide of “stop-work” orders. For example, as has been reported, the Department of Homeland Security’s Federal Emergency Management Agency (FEMA) took affirmative steps to publicize and issue a “blanket” stop-work order on December 26 – the day after Christmas – giving many affected contractors a post-holiday cocktail of uncertainty and dread. Other agencies have followed suit, with the Departments of Justice, Agriculture, Commerce, Housing and Urban Development, Interior, State, Transportation, and Treasury issuing such orders over the past few weeks.

Continue Reading

The Demon: What an excellent day for an exorcism.
Father Karras: You would like that?
The Demon: Intensely.

Honestly, it was challenging finding an all-audiences quote from William Peter Blatty’s “The Exorcist,” but we believe that this quote is exactly what federal contractors need to know. Today is indeed an excellent day for an information system exorcism and, unlike Father Karras, federal contractors know the name of that which they must purge: Kaspersky Lab.


Continue Reading

Alex Major is a contributing author to the Nuix 2018 Black Report: Decoding the Minds of Hackers, a unique report that engages professional hackers, penetration testers, and incident responders to understand the security threat landscape companies face. Alex, a former intelligence officer, focuses his chapter on why companies need to properly select and structure their

If your company sells products or services to the U.S. Government, there’s a substantial likelihood that you’ve read or heard the acronym “NIST” in connection with various cybersecurity related obligations that the Government is imposing on contractors with a seemingly unceasing vengeance. NIST refers to the National Institute of Standards and Technology, which is a

During the past few years, discussions in Washington, D.C. have intensified over the battle to modernize the Federal Government’s information technology (IT) systems. In May 2016, Representative Jason Chaffetz—Chairman of the Committee on Oversight and Government Reform in the U.S. House of Representatives—boldly stated that American “[t]axpayers deserve a government that leverages technology to serve