Photo of Susan B. Cassidy

Susan B. Cassidy

Ms. Cassidy represents clients in the defense, intelligence, and information technologies sectors.  She works with clients to navigate the complex rules and regulations that govern federal procurement and her practice includes both counseling and litigation components.  Ms. Cassidy conducts internal investigations for government contractors and represents her clients before the Defense Contract Audit Agency (DCAA), Inspectors General (IG), and the Department of Justice with regard to those investigations.  From 2008 to 2012, Ms. Cassidy served as in-house counsel at Northrop Grumman Corporation, one of the world’s largest defense contractors, supporting both defense and intelligence programs. Previously, Ms. Cassidy held an in-house position with Motorola Inc., leading a team of lawyers supporting sales of commercial communications products and services to US government defense and civilian agencies. Prior to going in-house, Ms. Cassidy was a litigation and government contracts partner in an international law firm headquartered in Washington, DC.

Ahead of the upcoming December 31, 2017 deadline for federal defense contractors to implement the security controls of National Institute of Standards and Technology (“NIST”) Special Publication 800-171 (“SP 800-171”), NIST has released a new draft publication designed to assist organizations in assessing compliance under SP 800-171, Draft Special Publication 800-171A, Assessing Security Requirements for Controlled Unclassified Information (“CUI”) (“SP 800-171A”).

Currently, there is no regulation or statute that imposes SP 800-171A on contractors. Rather, SP 800-171A is intended as guidance for organizations in developing assessment plans and conducting “efficient, effective, and cost-effective” assessments of the implementation of security controls required by SP 800-171. Similar to SP 800-171, SP 800-171A does not prescribe specific, required assessment procedures. Instead, SP 800-171A provides a series of “flexible and tailorable” procedures that organizations could use for conducting assessments with each security control in SP 800-171. SP 800-171A specifically recognizes three distinct methods for conducting assessments: examining and interviewing to facilitate understanding, achieve clarification, or obtain evidence and testing to compare actual results with expectations.
Continue Reading NIST Releases New Draft Publication Designed to Assist Contractors In Assessing Compliance with NIST SP 800-171