As the COVID-19 virus extends its global reach, defense contractors may be called upon to begin implementing their contracts’ mission-essential services plans. These plans, required by DFARS 252.237-7023, facilitate mission-essential functions in extended crisis situations, including pandemics, which are explicitly noted in the DFARS. As the coronavirus outbreak continues, defense contractors should check whether their … Continue Reading
On January 31, the Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”). This is the fourth iteration of the CMMC that DoD has publicly released since it issued the first draft in October, and it is intended to be the version that auditors will be trained against, and that … Continue Reading
As of February 10, 2020, the World Health Organization (WHO) reported that 40,554 cases of the Novel Coronavirus (2019-nCoV) have been confirmed globally, with twelve cases confirmed in the United States. The WHO has been issuing situation reports on a daily basis since January 21, and each report in February alone has identified more than … Continue Reading
On Friday January 31, 2020, Ellen Lord, Under Secretary of Defense for Acquisition and Sustainment, Kevin Fahey, Assistant Secretary of Defense for Acquisition, and Katie Arrington, the Chief Information Security Officer for the Department of Defense (“DoD”), briefed reporters on the release of the Cybersecurity Maturity Model Certification (“CMMC”) Version 1.0. We have discussed draft … Continue Reading
The Trump Administration has declared this month National Slavery and Human Trafficking Prevention Month, calling on industry associations, law enforcement, private businesses, and others to work toward ending modern slavery and human trafficking. This proclamation follows the Administration’s efforts to combat human trafficking, which we have previously discussed here, and comes on the heels of … Continue Reading
On December 13, the Department of Defense (“DoD”) released the latest version of its Cybersecurity Maturity Model Certification (“CMMC”). This is the third iteration of the draft model that DoD has publicly released since it issued the first draft in October. (We previously discussed Version 0.4 and Version 0.6 of the CMMC in prior blog … Continue Reading
As previously discussed on this blog, the National Defense Authorization Act for Fiscal Year 2017 and the NDAA for Fiscal Year 2018 imposed new limitations on when the Department of Defense can use Lowest Price Technically Acceptable source selection methods. Just last month, the Department of Defense issued a final rule amending the Defense Federal Acquisition Regulation Supplement to … Continue Reading
On November 7, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading
Almost a year after Assistant Secretary of the Navy James Geurts issued his September 28, 2018 memorandum (Geurts Memo) imposing enhanced security controls on “critical” Navy programs, the Navy has issued an update to the Navy Marine Corps Acquisition Regulations Supplement (NMCARS) to implement those changes more formally across the Navy. Pursuant to this update, a new … Continue Reading
On September 4, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading
The House of Representatives passed its version of the FY2020 National Defense Authorization Act (“NDAA”) last week. The headline story was the remarkably close, party-line vote: in contrast to past years, the bill received no Republican votes, and eight Democratic Members voted against it. Those partisan dynamics obscured the inclusion of two important amendments – … Continue Reading
The Department of Defense (“DoD”) recently announced the development of the ”Cybersecurity Maturity Model Certification” (“CMMC”), a framework aimed at assessing and enhancing the cybersecurity posture of the Defense Industrial Base (“DIB”), particularly as it relates to controlled unclassified information (“CUI”) within the supply chain. The Office of the Under Secretary of Defense for Acquisition … Continue Reading
In the latest step towards delivering on the long-promised “Procurement Through Commercial e-Commerce Portals” program, the General Services Administration has announced plans to build a proof-of-concept for federal online shopping, aiming to issue an RFP by the end of the year for web-based acquisition platforms.… Continue Reading
On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (“DOD”) cybersecurity policies and regulations have affected the Defense Industrial Base (“DIB”). To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, Senior Vice President and General … Continue Reading
(This article was originally published in Law360 and has been modified for this blog.) On Jan. 21, 2019, Ellen Lord, the Under Secretary of Defense for Acquisition and Sustainment, issued a memorandum focused on assessing contractor compliance with the DFARS cyber clause via audits of a Contractor’s purchasing system.[1] One intent of this guidance is … Continue Reading
On February 25, 2019, the Office of Inspector General (“OIG”) for the Department of Defense (“DoD”) issued an audit report analyzing the prices of spare aviation parts purchased by the Defense Logistics Agency (“DLA”) and the Army from TransDigm Group, Inc. (“TransDigm”). The audit was conducted in response to letters from certain Members of Congress, … Continue Reading
The Section 809 Panel recently concluded its monumental analysis of defense acquisition law and regulations and released its third volume of recommended changes. As we have written previously, the Panel’s work stands out from previous acquisition reform efforts with the appendices of detailed legislative and regulatory changes that accompany the commissioners’ analysis and recommendations. Given … Continue Reading
On February 12, 2019 the Department of Defense released a summary and supplementary fact sheet of its artificial intelligence strategy (“AI Strategy”). The AI Strategy has been a couple of years in the making as the Trump administration has scrutinized the relative investments and advancements in artificial intelligence by the United States, its allies and … Continue Reading
Compliance with the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 is only the beginning for contractors that receive controlled defense information (CDI) in performance of Department of Defense (DoD) contracts and subcontracts. Faced with an evolving cyber threat, DoD contractors have experienced an increased emphasis on protecting DoD’s … Continue Reading
On the eve of the recent government shutdown over border security, Congress and the President were in agreement on a different issue of national security: mitigating supply chain risk. On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act (the “SECURE Technology Act”) (P.L. 115-390). … Continue Reading
(This article was originally published in Law360 and has been modified for this blog.) The Government Accountability Office (GAO) recently issued a bid protest decision regarding the application of the Berry Amendment’s domestic sourcing requirement to a U.S. Department of Defense (DOD) solicitation for leather combat gloves with touchscreen capability. In that decision, the GAO … Continue Reading
(This article was originally published in Law360 and has been modified for this blog.) Government contractors undergoing an asset transaction know all too well the peculiarity and uncertainty associated with the transfer of a U.S. government contract through the required novation process. In two recent decisions, the Government Accountability Office considered the impact of such … Continue Reading
The Department of Defense (DoD) recently issued final guidance for requiring activities to assess contractors’ System Security Plans (SSPs) and their implementation of the security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171. A draft of this guidance was made available for public comment in April 2018. As noted in … Continue Reading
The Department of Defense (“DoD”) has proposed a new rule limiting the use of “brand name or equal” contract competitions, calling on contracting officers to publicly justify their need for a brand name-type product before issuing a solicitation. The rule would implement Section 888(a) of the National Defense Authorization Act of 2017, which directed the … Continue Reading
