National Security Compliance

Safeguarding Information You’re Entrusted With

Delivering advanced capabilities to the federal government sits at the intersection of cutting-edge technology and national security. Managing classified contracts, Controlled Unclassified Information (CUI), International Traffic in Arms Regulations (ITAR), or dual-use technology while operating across borders and selling to the federal government demands sophisticated, creative solutions so that compliance is operational, durable, and can withstand scrutiny.

At Cassidy Law, we understand your commitment to providing mission-critical support while protecting national security. We partner with you to develop controls designed to meet national security legal requirements, giving you actionable steps to take, not just a summary of legal requirements. We take the time to understand how your company operates so we can translate complex national security requirements into clear, workable controls designed to comply with the law while supporting your growth, even when it is cross-border.

What We Do

NISPOM and DFARS Compliance

If you are seeking classified contracts or looking to manage your existing classified work, we help build security programs designed for your company. We collaborate to build the controls necessary to pass Defense Counterintelligence and Security Agency (DCSA) scrutiny and to comply with Defense Federal Acquisition Regulation Supplement (DFARS) and National Industrial Security Program Operating Manual (NISPOM) requirements. We guide clients through:

  • Seeking and managing facility clearance (FCL) requirements and managing a cleared workforce;
  • Structuring and drafting security agreements, proxies, and related governance documents to manage Foreign Ownership, Control, or Influence (FOCI) and requirements as a cleared contractor;
  • Advising on NISPOM and DFARS security requirements without over-engineering solutions;
  • Identifying and mitigating FOCI risks;
  • Understanding and implementing insider threat program requirements;
  • Preparing for DCSA audits and developing practical corrective action plans;
  • Designing and delivering security training that employees actually understand.

Protecting Sensitive Information: Cybersecurity, CUI, and Classified Data

Cybersecurity, data protection, and managing exports are core national security obligations for federal government contractors and subcontractors, especially those accessing sensitive government information, developing next-generation technology, or operating internationally. But it is not just government information you need to protect. You need to protect your business’s data, products, software, and information, and those of any business partners. Whether you are handling Controlled Unclassified Information (CUI) or classified information, scaling internationally, or building next-generation technology, we collaborate to understand the data you own, access, or create and to develop practices to protect it. We support contractors and subcontractors by:

  • Understanding your IT infrastructure so we can provide legal guidance on complying with laws and regulations on securing information;
  • Identifying the U.S. cybersecurity frameworks, including Cybersecurity Maturity Model Certification (CMMC), National Institute of Standards and Technology (NIST), and related standards that apply to your business;
  • Advising on practical implementation of cybersecurity and information security requirements;
  • Responding quickly and decisively to cybersecurity incidents or insider threat concerns;
  • Guiding required investigation, notification, and reporting obligations;
  • Advising on U.S. data protection requirements;
  • Drafting clear notices and internal policies designed for how your business operates;
  • Aligning cross-border business with export control and national security requirements;
  • Supporting the management and protection of CUI and classified materials;
  • Developing System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and subcontractor flow-down strategies.

Supply Chain and Sourcing Compliance

The federal government has been clear: supply chain integrity and reliability are national security priorities. We understand businesses need to be cost-effective and practical in meeting these legal requirements while navigating a rapidly changing regulatory and geopolitical landscape. Our approach is practical and risk-based. We work with you as you build or improve compliant, resilient supply chains by guiding you through:

  • Buy American Act & Trade Agreements Act compliance requirements;
  • Compliance with current and emerging tech bans such as TikTok, Huawei, and others;
  • Developing accurate and complete software attestations and Software Bills of Materials (SBOMs);
  • Federal Acquisition Supply Chain Security Act (FASCSA) compliance and source exclusion reviews.

Why It Matters

When the federal government or your business partners entrust your company with sensitive or classified information, your compliance posture is part of national security. Gaps in security, cybersecurity, export, or supply chain controls can jeopardize contracts, delay programs, trigger audits, and limit your ability to scale or operate globally.

Understanding your legal obligations and building compliance controls that actually work for your business protects government information while enabling your growth strategy. The right approach turns national security obligations into a foundation for trust, continuity, and long-term growth.

Select Experience

  • Developed and helped manage a global, publicly traded U.S.-based cleared defense contractor’s FAR, export, and NISPOM-required ethics and compliance program.
  • Advised Israeli parent company on the NISPOM and export requirements for its U.S.-based subsidiary and in the purchase of a classified contractor.
  • Collaborated with M&A counsel to private equity on assessing the legal risks for purchasing a cleared U.S. defense contractor and on filing and updating its SAM and CAGE codes as well as disclosures to DCSA.
  • Advised a U.S.-based entity whose board was controlled by a non-U.S.-based entity on its NISPOM requirements and effective compliance solutions.
  • Advised U.S. cleared contractor on considerations for re-organizing its business to be more efficient, saving costs while managing its requirements as a cleared government contractor.
  • Counseled U.S. cleared contractor on whether provocative statements made by its engineers related to whether its engineers supported the company’s work required disclosure to DCSA.
  • Worked with companies to make disclosures to DCSA related to NISPOM compliance and NISPOM-required disclosures.
  • Advised company on disclosing a cybersecurity incident to the government.
  • Collaborated with client’s civil litigators to develop procedures to provide CUI in discovery, which included consulting with legal counsel from all four branches of the Military Services.

Let’s Talk National Security Compliance

Let’s talk about your approach to national security compliance so you can be an asset to the federal government, not a security issue.