Ryan Burnette

Ryan Burnette advises clients on a range of issues related to government contracting. Mr. Burnette has particular experience with helping companies navigate mergers and acquisitions, FAR and DFARS compliance issues, public policy matters, government investigations, and issues involving government cost accounting and the Cost Accounting Standards. Prior to joining Covington, Mr. Burnette served in the Office of Federal Procurement Policy in the Executive Office of the President, where he worked on government-wide contracting regulations and administrative actions affecting more than $400 billion dollars’ worth of goods and services each year.

Subscribe to all posts by Ryan Burnette

How is DoD Planning to Use the Supplier Performance Risk System (SPRS)?

As described in an earlier blog post, the Department of Defense (DoD) released an Interim Rule on September 29, 2020 that address DoD’s increased requirements for assessing whether contractors are compliant with the 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171).[1] Under this new Interim Rule, … Continue Reading

New Section 889 Restrictions Included in Updated Uniform Guidance Regulations from the Office of Management and Budget

By Susan B. Cassidy, Samantha Clark, Ryan Burnette and Darby Rourick on August 26, 2020 Posted in Cybersecurity, Defense Industry, Government Contracts Regulatory Compliance, NDAA, Supply Chain

On August 13, 2020, the Office of Management and Budget (OMB) released new revisions to its Guidance for Grants and Agreements set forth under 2 CFR (commonly referred to as the Uniform Guidance). The Uniform Guidance governs the terms of federal funding issued by agencies, including grants, cooperative agreements, federal loans, and non-cash assistance awards. … Continue Reading

National Institute for Standards and Technology Releases Draft of NIST SP 800-172

By Susan B. Cassidy, Ashden Fein, Ryan Burnette and Darby Rourick on August 10, 2020 Posted in Cybersecurity, Defense Industry

The National Institute for Standards and Technology released the draft of NIST Special Publication 800-172 (“NIST SP 800-172”) on July 6, 2020. This draft special publication succeeds the prior draft NIST SP 800-171B that NIST published in June 2019, and operates as a supplement to the NIST SP 800-171 controls that federal contractors generally must … Continue Reading

M&A and Section 889: Due Diligence and Integration Considerations

By Scott A. Freling, Susan B. Cassidy, Samantha Clark and Ryan Burnette on August 5, 2020 Posted in Commercial Items, Cybersecurity, Defense Industry, Energy, Government Contracts Regulatory Compliance, Information Technology Contracting, Supply Chain

(This article was originally published in Law360 and has been modified for this blog.) Companies in a range of industries that contract with the U.S. Government—including aerospace, defense, healthcare, technology, and energy—are actively working to assess whether or not their information technology systems comply with significant new restrictions that will take effect on August 13, … Continue Reading

“Section 889” Prohibition on “Use” of Covered Telecommunications Equipment by Federal Contractors Released as an Interim Rule

By Susan B. Cassidy, Samantha Clark, Ryan Burnette, Darby Rourick and Zachary Mears on July 24, 2020 Posted in Defense Industry, Government Contracts Regulatory Compliance, Supply Chain

On July 10, 2020, the interim rule implementing Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. No. 115-232) was released by the U.S. Government’s Federal Acquisition Regulatory Council. Section 889 prohibits the U.S. Government from buying (as of August 2019)—or contracting with an entity that uses … Continue Reading

Contractor Supply Chain Readiness – An Update on Expected Regulatory Changes

By Susan B. Cassidy, Samantha Clark and Ryan Burnette on July 2, 2020 Posted in Cybersecurity, Defense Industry, Government Contracts Regulatory Compliance, Information Technology Contracting, NDAA, Procurement Policy, Supply Chain

In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government (“USG”). Five of these initiatives are likely to result in new regulations in 2020, each of which could have a … Continue Reading

CISA Information and Communications Technology Supply Chain Risk Management Task Force Releases New Guidance on Security Resiliency

By Susan B. Cassidy, Trisha Anderson, Zachary Mears and Ryan Burnette on May 7, 2020 Posted in Information Technology Contracting, Supply Chain

On May 5, 2020 the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management (“SCRM”) Task Force (the “Task Force”) released a six-step guide for organizations to start implementing organizational SCRM practices to improve their overall security resilience. The Task Force also released a revised … Continue Reading

State of Emergency: COVID-19, the Stafford Act, and What It All Means for Contractors

By Trisha Anderson, Frederic Levy, Michael Wagner and Ryan Burnette on March 18, 2020 Posted in Coronavirus, COVID-19, Government Contracts Regulatory Compliance, State and Local Procurements

On March 13, the President declared a national emergency in response to the COVID-19 pandemic. Doing so activated the authorities available to the President under the Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. §§ 5121-5207 (the “Stafford Act”) to provide federal assistance to state and local governments responding to the emergency, … Continue Reading

A Closer Look at Version 1.0 of DoD’s Cybersecurity Maturity Model Certification

By Susan B. Cassidy, Ashden Fein, Samantha Clark, Ryan Burnette and Darby Rourick on February 13, 2020 Posted in Cybersecurity, Defense Industry, Supply Chain

On January 31, the Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”). This is the fourth iteration of the CMMC that DoD has publicly released since it issued the first draft in October, and it is intended to be the version that auditors will be trained against, and that … Continue Reading

DoD Announces the Release of CMMC Version 1.0

By Susan B. Cassidy, Ashden Fein, Samantha Clark, Ryan Burnette and Darby Rourick on February 4, 2020 Posted in Cybersecurity, Defense Industry

On Friday January 31, 2020, Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, Kevin Fahey, Assistant Secretary of Defense for Acquisition, and Katie Arrington, the Chief Information Security Officer for the Department of Defense (“DoD”), briefed reporters on the release of the Cybersecurity Maturity Model Certification (“CMMC”) Version 1.0. We have discussed draft … Continue Reading

DoD Releases Version 0.7 of Its Cybersecurity Maturity Model Certification

By Susan B. Cassidy, Samantha Clark and Ryan Burnette on December 17, 2019 Posted in Cybersecurity, Defense Industry, Procurement Policy

On December 13, the Department of Defense (“DoD”) released the latest version of its Cybersecurity Maturity Model Certification (“CMMC”). This is the third iteration of the draft model that DoD has publicly released since it issued the first draft in October. (We previously discussed Version 0.4 and Version 0.6 of the CMMC in prior blog … Continue Reading

Commerce Department Proposes Rule Impacting Information and Communications Technology Supply Chains

By Samantha Clark and Ryan Burnette on December 3, 2019 Posted in Supply Chain

On November 27, 2019, the Department of Commerce issued a proposed rule to implement the May 15, 2019 Executive Order entitled “Securing the Information and Communications Technology and Services Supply Chain.” Once finalized and effective, the regulations will govern the process and procedures that the Secretary of Commerce will use to determine whether certain transactions … Continue Reading

DoD Releases Version 0.6 of its Cybersecurity Maturity Model Certification

By Susan B. Cassidy, Samantha Clark and Ryan Burnette on November 13, 2019 Posted in Cybersecurity, Defense Industry, Procurement Policy

On November 7, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading

CISA Information and Communications Technology Supply Chain Risk Management Task Force Issues New Interim Report

By Susan B. Cassidy and Ryan Burnette on October 2, 2019 Posted in Cybersecurity, Information Technology Contracting, Procurement Policy, Supply Chain

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management Task Force (the “Task Force”) recently released an interim public report. The report describes the Task Force’s efforts over the last year to develop recommendations for securing the Government’s supply chain, and outlines the potential … Continue Reading

DoD Releases Public Draft of Cybersecurity Maturity Model Certification and Seeks Industry Input

By Susan B. Cassidy, Samantha Clark and Ryan Burnette on September 6, 2019 Posted in Cybersecurity, Defense Industry, Government Contracts Regulatory Compliance, Supply Chain

On September 4, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading

When Compliance Is Not Enough: OIG Seeks Voluntary Refund Despite Contractor’s Adherence to “TINA” Requirements

By Michael Wagner, Susan B. Cassidy and Ryan Burnette on March 11, 2019 Posted in Defense Industry, Government Contracts Regulatory Compliance, Procurement Policy, Procurement Reform

On February 25, 2019, the Office of Inspector General (“OIG”) for the Department of Defense (“DoD”) issued an audit report analyzing the prices of spare aviation parts purchased by the Defense Logistics Agency (“DLA”) and the Army from TransDigm Group, Inc. (“TransDigm”). The audit was conducted in response to letters from certain Members of Congress, … Continue Reading

Lowest Price Technically Acceptable Solicitations No Longer Acceptable? Reviewing the Department of Defense’s Proposed Changes to the DFARS

By Hunter Bennett and Ryan Burnette on December 27, 2018 Posted in Bid Protests, Government Contracts Regulatory Compliance, Procurement Policy

In a proposed rule issued earlier this month, the Department of Defense (“DoD”) seeks to incorporate into the Defense Federal Acquisition Regulations Supplement (“DFARS”) restrictions on the use of the lowest price technically acceptable (“LPTA”) source selection method from the National Defense Authorization Act (“NDAA”) for Fiscal Years 2017 and 2018. This proposed rule makes … Continue Reading

Fourth Circuit Further Defines Scope of Contractor Risks in the FMS Sales Context

By Alan Pemberton, Jennifer Plitsch and Ryan Burnette on April 26, 2018 Posted in Defense Industry, FMS and DCS

The Court of Appeals for the Fourth Circuit recently published a decision that expanded on its prior Trimble ruling that a foreign government customer cannot sue a U.S. contractor in the Foreign Military Sales (“FMS”) context (at least in U.S. courts). In BAE Sys. Tech. Solution & Servs., Inc. v. Republic of Korea’s Def. Acq. … Continue Reading

Third Time Around: Inconsistencies Persist with Final DFARS Commercial Items Rule

By Kevin Barnett and Ryan Burnette on February 20, 2018 Posted in Commercial Items, Defense Industry, Government Contracts Regulatory Compliance, Procurement Policy, Procurement Reform

On January 31, 2018, the Department of Defense (“DoD” or the “Department”) published a final rule regarding commercial item purchasing requirements. Among other key amendments, the final rule modifies the Defense Federal Acquisition Regulation Supplement (“DFARS”) by: (i) formalizing a presumption of commerciality for items that DoD previously treated as commercial; (ii) providing commercial item … Continue Reading

Department of State Releases 2017 TIP Report

By Jennifer Plitsch, Ryan Burnette and Alexander Hastings on July 18, 2017 Posted in Government Contracts Regulatory Compliance, Procurement Policy

The Department of State has released its 2017 Trafficking in Persons (“TIP”) Report. As with prior versions of the annual report, the State Department reviewed efforts made by more than 180 countries to address the minimum Prosecutorial, Protective, and Preventative standards necessary for effective anti-trafficking measures, as these standards are outlined in the United States’ … Continue Reading

A Tale of Two Contract Releases: One for the Government, One for the Contractor

By Ryan Burnette on May 1, 2017 Posted in Claims and Contract Disputes

On the heels of our recent post offering key takeaways from recent release of claims decisions, the ASBCA and the CBCA have published another round of notable opinions regarding contract releases: Supply & Service Team GmbH, ASBCA No. 59630 and ServiTodo, LLC, CBCA 5524. Both decisions are important, albeit for different reasons. The ASBCA decision demonstrates … Continue Reading

New Policies on Sustainable Acquisition: Among the Last Proposed FAR Rules of the Obama Administration

By Dan Johnson and Ryan Burnette on February 7, 2017 Posted in Government Contracts Regulatory Compliance, Procurement Policy

Just two days before Donald Trump’s Inauguration, the Federal Acquisition Regulatory Council published a proposed rule to implement Executive Order 13693, Planning for Federal Sustainability in the Next Decade, and certain biobased acquisition provisions of the Agricultural Act of 2014. The Council characterized the rule as advancing policies put into effect by an interim rule … Continue Reading

New Guidance on Contractor Risk Management Under the Human Trafficking Rule Released

By Jennifer Plitsch, Ryan Burnette, Michael Wagner and Alexander Hastings on December 14, 2016 Posted in Government Contracts Regulatory Compliance, Procurement Policy

On December 7, the Office of Management and Budget, the Department of Labor, and the Office to Monitor and Combat Trafficking in Persons in the Department of State, issued a proposed memorandum titled “Anti-Trafficking Risk Management Best Practices & Mitigation Considerations.” The document is intended, at least in part, to “promote clarity and consistency in … Continue Reading

FAR Council Clarifies 8(a) Sole Source Justification Requirements for High Value Contracts

By Jay Carey and Ryan Burnette on November 29, 2016 Posted in Government Contracts Regulatory Compliance, Procurement Policy, Small Business

On October 15, the Federal Acquisition Regulatory Council (FAR Council), issued a proposed rule to clarify contracting officer and agency responsibilities when justifying sole source awards exceeding $22 million dollars made through the Small Business Administration’s 8(a) program. The revisions directly address recommendations from a December 2012 Government Accountability Office (GAO) report titled, “Slow Start … Continue Reading