Photo of Alex Major

Mr. Major is a partner and co-leader of the firm’s Government Contracts & Export Controls Practice Group. Mr. Major focuses his practice on federal procurement, cybersecurity liability and risk management, and litigation. A prolific author and thought leader in the area of cybersecurity, his professional experience involves a wide variety of litigation and counseling matters dealing with procurement laws and federal regulations and standards . His diverse experience includes complex litigation in federal court under the qui tam provisions of the False Claims Act and bid protest actions. He counsels all sizes of companies on issues relating to compliance with government regulations including, among other things, cybersecurity (NIST, FIPS, FedRAMP, and DFARS) requirements, multiple award schedule compliance, Section 508 issues, country of origin requirements under the Buy American and Trade Agreements Acts, cost accounting, and small business requirements. He also regularly conducts internal investigations to assist companies ensure that they are in full compliance with the law.

What do you think is going to be scarier—artificial intelligence (AI) or the government’s effort to regulate AI? On October 30, 2023, the White House issued Executive Order (E.O.) 14410, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. As the federal government’s latest foray into harnessing AI, this E.O.—like those before it, generally—recognizes that AI offers extraordinary potential and promise, provided that it is harnessed responsibly to prevent the exacerbation of societal harms. Since E.O. 14410, there has been a flurry of activity in the federal government, including guidance and policies providing an indication of how agencies can/should/will harness AI to support agency objectives. While we are far from a situation similar to Skynet from the Terminator franchise or HAL 9000 from 2001: A Space Odyssey, the government’s accelerated activity to reap AI’s potential benefits far outpaces the provision of actionable guidance so contractors can understand and adapt to what will be required in offering AI products and services to the government. So let’s open the pod bay doors and explore…Continue Reading Executive Order 14410: An Artificial Intelligence Odyssey

On December 26, 2023, the Department of Defense (“DoD”) belatedly gifted defense contractors and subcontractors a Proposed Rule on the Cybersecurity Maturity Model Certification (“CMMC”) Program. DoD also released eight CMMC guidance documents, providing interested parties a one-two combo of what to expect under the Program. The Proposed Rule has already received over 100 comments. With commenting open until February 26, 2024, will DoD proceed with a final rule, or is the Proposed Rule a Groundhog Day scenario with DoD further delaying final implementation of the CMMC Program?Continue Reading DoD’s Proposed CMMC Rule: Groundhog Day… or a Final Rule in the Works?

On October 25, 2023, the Department of Defense (DoD) published a Proposed Rule amending the Department of Defense Federal Acquisition Regulation Supplement (DFARS) and permanently authorizing the DoD Mentor-Protégé Program (DoD MP Program). In addition, the Proposed Rule makes several changes to the program—the most prominent of which include (a) lowering barriers to entry and (b) adding additional benefits for prospective mentors and protégés. Before we dive in to the Proposed Rule, a brief history of the DoD MP Program is in order.Continue Reading DoD Mentor-Protégé Program Solidified under Proposed Rule

The Proposed Rule behind FAR Case 2021-017 may strike fear into the hearts of many contractors, as it implements new recommendations regarding cybersecurity reporting obligations. Alex Major highlights the necessary steps and potential risks federal contractors must consider in the Government Contractor.

Effective July 21, 2023, DHS is operating under new rules for government contractors on safeguarding Controlled Unclassified Information (CUI) and reporting cyber incidents. In this Feature Comment for The Government Contractor, Alex Major describes how government contractors can best navigate DHS’s wide-reaching cybersecurity and data privacy requirements.

Parties litigating False Claims Act (FCA) cases have long struggled with a thorny question around the essential element of scienter (the defendant’s intent, or state of mind): What/how much does a contractor need to know when submitting an invoice for payment for the related claim to be considered knowingly false when made? When that question arises in FCA litigation, a court’s determination of that essential element of scienter/knowledge often pivots on what the judge believes matters more:

(A) The defendant’s subjective belief at the time a claim is made; or

(B) An objective textual reading of what a person may have known or believed when a claim is made.Continue Reading The False Claims Act’s Fuzzy Scienter Element Brought into Sharp Focus

Hollywood is full of them. And unless you are trapped on the Planet of the Apes, caught on the 3:10 to Yuma, or running from Godzilla, you’ve probably seen a movie reboot or two over the past two decades. The term generally refers to the new start of a known fictional universe where established continuity is discarded to re-create that series’ characters, plotlines, and backstory from the beginning. Thankfully—and I’m looking at you, CMMC—that is a trend that appears to be confined to the entertainment industry and not one that will be adopted in federal contractor cybersecurity. To be sure, on May 10, 2023, the National Institute of Standards and Technology (NIST) released for review and comment a draft of Revision 3 of its Special Publication (SP) 800-171, Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations. Not only is NIST seeking comments via email no later than July 14, 2023, on Rev. 3, it has even provided a comment template to help with that effort. Let’s get into some of those key changes to demonstrate how Rev. 3 is more of a sequel than a reboot.Continue Reading NIST SP 800-171 Revision 3: Not Another Reboot

Scenario 1: A pharmacy chain hires a value consultant to review its Medicare and Medicaid billing practices for ways to optimize the coding of drug reimbursements to maximize profits. Drugs that had historically been charged for government reimbursement at $1/pill as the “usual and customary price” are now getting coded for reimbursement at $3/pill—a 200% markup that represents a pure profit windfall to the pharmacy chain. Is this a violation of the False Claims Act (FCA)?

Scenario 2: A construction company that has years of experience in federal procurement contracting had never charged the government for reimbursement of several cost items, because the company’s previous CFO did not feel such reimbursement would meet the “reasonableness” requirements of FAR Part 31 (e.g., FAR 31.201-2(a)(1) and 31.201-3). But the company’s new CFO, holding a different interpretation of the reasonableness standards and Cost Accounting Standards (CAS), instructs his program leads to start charging those items for reimbursement in all new and existing contracts. Is this a violation of the FCA?Continue Reading Knowing IS the Battle: Supreme Court to Address the FCA’s Scienter Standard

According to the Office of Federal Contract Compliance Programs (OFCCP), since 2019, Will Evans, a reporter for the Center for Investigative Reporting, has sought the Employment Information Report (EEO-1) data of federal contractors through a Freedom of Information Act (FOIA) request to OFCCP. Mr. Evans amended his FOIA request on June 2, 2022, and now seeks the Type 2 Consolidated EEO-1 Report demographic data of federal prime contractors and first-tier subcontractors for 2016–2020. OFCCP estimates that this impacts approximately 15,000 contractors and first-tier subcontractors.

What does this mean? Absent an objection, OFCCP could disclose your company’s Type 2 Consolidated EEO-1 Reports Component 1 data for 2016–2020 in response to Mr. Evans’s FOIA request.

What is an EEO-1 Report? The EEO-1 Report is the form used annually by the Equal Employment Opportunity Commission and OFCCP to collect a summary of an employer’s workforce data.Continue Reading Attention Federal Contractors and First-Tier Subcontractors: Your EEO-1 Reports May Be Responsive to an OFCCP FOIA Request, and You Have Only until September 19, 2022, to Object.