Following instructions from Congress to create a new online shopping system leveraging existing commercial practices, the General Services Administration (“GSA”), in coordination with the Office of Management and Budget (“OMB”), has released an implementation plan (“Plan”) to begin e-commerce purchases by 2019. As discussed in a previous blog post, GSA’s Plan is a first step toward implementing Section 846 of the National Defense Authorization Act for FY 2018, which requires GSA to develop “e-commerce portals” – essentially online shopping sites – for commercially available off-the-shelf (“COTS”) item procurements.
On Tuesday, March 13, 2018, Oregon Governor Kate Brown signed into law House Bill 4005 (HB 4005), which imposes substantial new state reporting requirements on pharmaceutical manufacturers regarding drug pricing, including details on manufacturer-sponsored patient assistance programs. HB 4005 also imposes new reporting requirements on health insurers and establishes a temporary task force charged with developing “a strategy to create transparency for drug prices across the entire supply chain of pharmaceutical products.”
A generic pharmaceutical distributor, Acetris Health, LLC, has challenged the Final Determination of U.S. Customs and Border Protection (“Customs”) that Acetris’ generic prescription drug, Rosuvastatin Calcium Tablets (“Rosuvastatin”), is a product of India, the place where the active pharmaceutical ingredient (“API”) is produced. If successful, the challenge in the U.S. Court of International Trade (“CIT”) could have a meaningful impact on decisions about where to manufacture API for the very broad range of drug products sold to the U.S. Government.
Late last month, the National Institute of Standards and Technology (“NIST”) released a set of documents for public comment that are aimed at helping contractors assess and implement compliance with NIST Special Publication (“SP”) 800-171, which establishes the standards for protecting Covered Defense Information (“CDI”), among other forms of Controlled Unclassified Information (“CUI”). First, NIST released an updated final public draft of SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information. Second, NIST released templates for contractor system security plans (“SSPs”) and plans of action and milestones (“POAMs”). While neither finalized nor mandatory, these documents provide useful guidance for contractors struggling with SP 800-171 compliance.
Earlier this week, both chambers on Capitol Hill took steps that would increase the Department of Homeland Security’s (DHS) role in the area of cybersecurity. On the Senate side, the Senate Homeland Security and Governmental Affairs Committee approved a DHS reauthorization bill that included amendments to rename and reorganize the DHS National Protection and Programs Directorate (NPPD), to increase protections for certain personally identifiable information (PII), and to emphasize the need for cybersecurity research. On the House side, the House Homeland Security Committee approved the Cyber Incident Response Teams Act, which would establish teams within DHS devoted to cyber incident response.
On February 22, 2018, the General Services Administration (GSA) issued a Final Rule to address common commercial supplier agreement terms that it contends are inconsistent with federal law. The purpose of this rule is to streamline negotiations over commercial supplier agreements (“CSAs”), end-user license agreements (“EULAs”), Terms of Sale (“TOSs”) or similar sets of standard terms and conditions. Significantly, the rule reverses several controversial provisions from the Proposed Rule and an earlier class deviation by reverting the order of precedence and eliminating the burdensome requirement of providing the full text of all provisions. Less controversially, but nonetheless important, the Final Rule also formalizes GSA’s longstanding position that certain terms and conditions are unenforceable under federal law.
A few years ago, we reported on regulations governing federal contractors’ nondiscrimination obligations with respect to LGBT employees. The Trump Administration has taken steps to roll back many Obama-era efforts, although the Executive Order and rules establishing LGBT-related protections for employees of federal contractors remain in force, at least for now. The Second Circuit recently decided a high-profile case that affirmed the legal basis for those obligations and extended them beyond the federal contractor community. In doing so, the Second Circuit rejected the Trump Justice Department’s position with respect to LGBT nondiscrimination.
The case, which has generated significant press coverage, deserves close attention from all employers, including contractors, as LGBT nondiscrimination rules continue to develop in courts, executive agencies, and legislatures. In this post, we examine the considerations for government contractors and outline some best practices for companies that work with the federal government.
Few issues have bedeviled the GSA Schedules program as much as the provision of incidental supplies and services under Schedule orders. For years, it has been unclear how such supplies and services are to be purchased and priced, since they are not themselves on Schedule.
But now, with GSA’s new Order-Level Materials (“OLM”) rule, GSA has resolved this issue by expressly permitting the government to easily and quickly obtain incidental supplies and services through the Schedules program.
Inflection Point for IoT
In a relatively short amount of time, the adoption of the Internet of Things (IoT) and its applications — from smart cars to the myriad of interconnected sensors in the General Services Administration building reminiscent of HAL 9000 from 2001: A Space Odyssey — has rapidly proliferated, providing significant opportunities and benefits. However, the increased ubiquity of IoT comes with heightened risks to security, privacy and physical safety, and without a standardized set of cybersecurity requirements, many IoT devices and systems are vulnerable to attack. Earlier this month, the National Institute of Standards and Technology (NIST) (through the Interagency International Cybersecurity Standardization Working Group (IICS WG)) released a draft report to help both federal agencies and private companies plan and develop cybersecurity standards in their use and production of IoT components, products, systems and services. The draft report stresses the importance of coordination across the private and public sectors in developing standards to bolster the security and resilience of IoT, provides a snapshot of current international cybersecurity standards, and offers recommendations for gap-filling.
Last week, President Donald Trump released his long-awaited infrastructure plan, entitled a “Legislative Outline for Rebuilding Infrastructure in America.” Clocking in at 53 pages, this plan is designed to “stimulate at least $1.5 trillion in new investment over the next 10 years” through $200 billion of federal funding. The infrastructure plan is intended to provide a “roadmap for the Congress to draft and pass the most comprehensive infrastructure bill in our Nation’s history.” Our high-level key takeaways from that plan are discussed below.