Photo of Marcia Madsen

Marcia focuses on Government Contracts and Litigation, advising clients on contract formation, teaming and strategic alliances, contract and subcontract negotiations, performance disputes, audits, terminations, cost accounting and allowability, technical data rights and trade secrets, and fraud/false claims investigations • litigates bid protests and claims and disputes before the GAO, the Boards of Contract Appeals, the Court of Federal Claims, and various other federal and state courts • has handled numerous ADR and mediation proceedings • areas of concentration include aerospace and defense contracts, systems integration, information systems and telecommunications contracts, health care and bio-technology, homeland security contracts, environmental remediation, and research and development contracts.

Read Marcia's full bio.

The Biden administration released its National Cybersecurity Strategy (“Strategy”) on March 2, 2023.1 The Strategy builds on previous policy actions by the Biden administration that sought to strengthen cybersecurity in critical infrastructure and protect personal data, including through regulatory action, government procurement requirements, and an emphasis on software security. The Strategy calls for (1)

On September 14, 2022, the US Office of Management and Budget (OMB) published a memorandum, M-22-18, requiring federal agencies to comply with previously announced guidelines for ensuring the integrity of third-party software on an agency’s information systems or that otherwise affects government information. Applicable to firmware, operating systems, applications, and application services (e.g., cloud-based

In remarks on October 13, 2021, at the Cybersecurity and Infrastructure Security Agency (“CISA”) National Cybersecurity Summit, Acting Assistant Attorney General Brian Boynton fleshed out the Department of Justice’s (“DOJ”) thinking regarding the nature of the cybersecurity failures that are likely targets for potential False Claims Act (“FCA”)1 enforcement under the Civil Cyber-Fraud Initiative

On October 6, 2021, the US Department of Justice (DOJ) announced a new initiative to address cyber-fraud and that focuses on government contractors. Specifically, DOJ has launched a “Civil Cyber-Fraud Initiative” (Initiative), which will combine DOJ’s “expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security

The William (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (“NDAA”) enacts major changes to America’s cyber defenses, reshaping how the private sector can combat growing cyber threats, as well as realigning roles and responsibilities of federal government agencies. This Legal Update discusses select cyber provisions in the NDAA and highlights key takeaways

The recent enactment of the “Internet of Things Cybersecurity Improvement Act of 2020” (the “Act”) promises new scrutiny of security in the Internet of Things (“IoT”)—the broad array of connected devices that are increasingly integrated into every aspect of modern life. This important legislation provides for the creation of IoT security guidelines for devices sold

On January 31, 2020, the US Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Cybersecurity Maturity Model Certification (CMMC) Version 1.0. DoD developed the CMMC to provide a unified cybersecurity standard for defense contractors and suppliers across all of the Defense Industrial Base (DIB), which,

On November 7, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Draft Version 0.6 of its Cybersecurity Maturity Model Certification (CMMC) for public comment. According to DoD’s overview briefing, the CMMC was created to provide “a unified cybersecurity standard for DoD acquisitions to

Cyber threats continue to evolve, and data privacy considerations continue to grow more complex. Whether defending against global ransomware campaigns or adjusting to new legal regimes governing international data transfers, companies of all sizes today face unprecedented cybersecurity and data privacy challenges.

Our practical guide, Staying Ahead of the Curve: Cybersecurity and Data Privacy—Hot Topics

Companies across industry sectors have developed risk-based cybersecurity programs to respond to the substantial and complex cyber threats they face. Managing regulatory risk has become an important element of these cybersecurity programs, as regulators use rules, enforcement actions, and guidance to establish an increasingly complex framework of regulatory expectations.

This 80-page book offers insights on