Insights

On February 21, 2025, President Trump issued a National Security Policy Memorandum (“NSPM”) announcing the Administration’s “America First Investment Policy” (the “Investment Policy”)[1] affirming the United States’ commitment to open investment while safeguarding national security. Aimed at promoting investment in the United States from allied countries while imposing stricter measures on both inbound and outbound investments from “foreign adversaries,” the Investment Policy incentivizes foreign investment in the United States by announcing a “fast track” process “to facilitate greater investment from specified allied and partner sources in United States businesses involved with United States advanced technology and other important areas.” The NSPM defines “foreign adversaries” to include the People’s Republic of China (the “PRC” or “China”), including Hong Kong and Macau, Cuba, Iran, North Korea, Russia, and the Maduro regime in Venezuela.[2]

On January 15, 2025, the FAR Council released a proposed rule (FAR CUI Rule) that would amend the FAR to implement federal government-wide Controlled Unclassified Information (CUI) cybersecurity, training, and incident reporting requirements for government contractors and subcontractors.  The rule’s key cybersecurity requirements closely mirror the Department of Defense’s Cyber Maturity Model Certification (CMMC) program (for example, compliance with National Institute of Standards and Technology Special Publication 800-171, Revision 2), but broaden the scope to include contractors and subcontractors working across all federal agencies.  The Rule is intended to standardize the handling of CUI by federal government contractors and subcontractors in accordance with Executive Order 13556, including by:

On January 3, 2025, the FAR Council released a proposed rule titled Strengthening America’s Cybersecurity Workforce (the Proposed Rule).  The Proposed Rule would amend the Federal Acquisition Regulation (FAR) by standardizing workforce criteria for cybersecurity and information technology support services contracts.  The Proposed Rule implements a 2019 executive order, America’s Cybersecurity Workforce, which emphasized the strategic importance of a strong cybersecurity workforce.  Comments will be accepted until March 4, 2025, and the FAR Council specifically invites comments on the Proposed Rule’s impact on small entities.