On September 29, 2020, the Department of Defense (DoD) released an interim rule that industry hoped would provide clear guidance with regard to DoD’s implementation of its Cybersecurity Maturity Model Certification (CMMC) framework. The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 … Continue Reading
On August 13, 2020, the Office of Management and Budget (OMB) released new revisions to its Guidance for Grants and Agreements set forth under 2 CFR (commonly referred to as the Uniform Guidance). The Uniform Guidance governs the terms of federal funding issued by agencies, including grants, cooperative agreements, federal loans, and non-cash assistance awards. … Continue Reading
The National Institute for Standards and Technology released the draft of NIST Special Publication 800-172 (“NIST SP 800-172”) on July 6, 2020. This draft special publication succeeds the prior draft NIST SP 800-171B that NIST published in June 2019, and operates as a supplement to the NIST SP 800-171 controls that federal contractors generally must … Continue Reading
(This article was originally published in Law360 and has been modified for this blog.) Companies in a range of industries that contract with the U.S. Government—including aerospace, defense, healthcare, technology, and energy—are actively working to assess whether or not their information technology systems comply with significant new restrictions that will take effect on August 13, … Continue Reading
On July 10, 2020, the interim rule implementing Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. No. 115-232) was released by the U.S. Government’s Federal Acquisition Regulatory Council. Section 889 prohibits the U.S. Government from buying (as of August 2019)—or contracting with an entity that uses … Continue Reading
It goes without saying that the COVID-19 pandemic has significantly affected the Department of Defense (“DoD”) and the defense industrial base. And while Congress has taken steps to mitigate these impacts, the sheer scale of the pandemic’s effects pose a continuing challenge to both DoD and its contractors. Now a group of major defense contractors … Continue Reading
In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government (“USG”). Five of these initiatives are likely to result in new regulations in 2020, each of which could have a … Continue Reading
Late last year, a spokesman for the Department of Defense announced without fanfare that the agency would increase audits of certified cost or pricing data under the Truth in Negotiations Act (“TINA”). While the full effect of that enhanced focus on TINA compliance remains to be seen, a recent decision by the Armed Services Board … Continue Reading
At the end of last month, the Department of Defense (“DoD”) issued a class deviation to implement Section 2821 of the National Defense Authorization Act for Fiscal Year 2020 (“FY20 NDAA”), which seeks to reduce dependence on Russian energy by prohibiting the acquisition of energy sourced from inside Russia for DoD’s main operating bases in … Continue Reading
Last week, DoD released a draft of its much-anticipated guidance implementing Section 3610 of the CARES Act, which authorizes the government to reimburse qualifying contractors for the costs of providing certain paid leave to employees as a result of the COVID-19 pandemic. DoD previously published a collection of memoranda, Q&A documents, and a class deviation … Continue Reading
Defense Department leaders and agencies have been granted much-needed flexibility to respond to the coronavirus pandemic. Last week, Under Secretary of Defense for Acquisition & Sustainment Ellen Lord delegated approval authority for Other Transaction Agreements (“OTs”) related to the coronavirus response, consistent with Section 13006 of the CARES Act.… Continue Reading
As the COVID-19 virus extends its global reach, defense contractors may be called upon to begin implementing their contracts’ mission-essential services plans. These plans, required by DFARS 252.237-7023, facilitate mission-essential functions in extended crisis situations, including pandemics, which are explicitly noted in the DFARS. As the coronavirus outbreak continues, defense contractors should check whether their … Continue Reading
On January 31, the Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”). This is the fourth iteration of the CMMC that DoD has publicly released since it issued the first draft in October, and it is intended to be the version that auditors will be trained against, and that … Continue Reading
As of February 10, 2020, the World Health Organization (WHO) reported that 40,554 cases of the Novel Coronavirus (2019-nCoV) have been confirmed globally, with twelve cases confirmed in the United States. The WHO has been issuing situation reports on a daily basis since January 21, and each report in February alone has identified more than … Continue Reading
On Friday January 31, 2020, Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, Kevin Fahey, Assistant Secretary of Defense for Acquisition, and Katie Arrington, the Chief Information Security Officer for the Department of Defense (“DoD”), briefed reporters on the release of the Cybersecurity Maturity Model Certification (“CMMC”) Version 1.0. We have discussed draft … Continue Reading
The Trump Administration has declared this month National Slavery and Human Trafficking Prevention Month, calling on industry associations, law enforcement, private businesses, and others to work toward ending modern slavery and human trafficking. This proclamation follows the Administration’s efforts to combat human trafficking, which we have previously discussed here, and comes on the heels of … Continue Reading
On December 13, the Department of Defense (“DoD”) released the latest version of its Cybersecurity Maturity Model Certification (“CMMC”). This is the third iteration of the draft model that DoD has publicly released since it issued the first draft in October. (We previously discussed Version 0.4 and Version 0.6 of the CMMC in prior blog … Continue Reading
As previously discussed on this blog, the National Defense Authorization Act for Fiscal Year 2017 and the NDAA for Fiscal Year 2018 imposed new limitations on when the Department of Defense can use Lowest Price Technically Acceptable source selection methods. Just last month, the Department of Defense issued a final rule amending the Defense Federal Acquisition Regulation Supplement to … Continue Reading
On November 7, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading
Almost a year after Assistant Secretary of the Navy James Geurts issued his September 28, 2018 memorandum (Geurts Memo) imposing enhanced security controls on “critical” Navy programs, the Navy has issued an update to the Navy Marine Corps Acquisition Regulations Supplement (NMCARS) to implement those changes more formally across the Navy. Pursuant to this update, a new … Continue Reading
On September 4, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading
The House of Representatives passed its version of the FY2020 National Defense Authorization Act (“NDAA”) last week. The headline story was the remarkably close, party-line vote: in contrast to past years, the bill received no Republican votes, and eight Democratic Members voted against it. Those partisan dynamics obscured the inclusion of two important amendments – … Continue Reading
The Department of Defense (“DoD”) recently announced the development of the ”Cybersecurity Maturity Model Certification” (“CMMC”), a framework aimed at assessing and enhancing the cybersecurity posture of the Defense Industrial Base (“DIB”), particularly as it relates to controlled unclassified information (“CUI”) within the supply chain. The Office of the Under Secretary of Defense for Acquisition … Continue Reading
In the latest step towards delivering on the long-promised “Procurement Through Commercial e-Commerce Portals” program, the General Services Administration has announced plans to build a proof-of-concept for federal online shopping, aiming to issue an RFP by the end of the year for web-based acquisition platforms.… Continue Reading
