Archives: Information Technology Contracting

Subscribe to Information Technology Contracting RSS Feed

DoD Further Clarifies Its DFARS Cybersecurity Requirements

On January 27, 2017, the Department of Defense (DoD) issued an updated Frequently Asked Questions (FAQ) regarding the application and requirements of DFARS 252.204.7012 Safeguarding Covered Defense Information and Cyber Incident Reporting. Though questions remain regarding various nuances of the rule, the FAQ is a helpful document for those contractors still working on implementation of … Continue Reading

DOD Final Rule Addresses Source Requirements and Cost Recovery for Use of Counterfeit Electronic Parts

Supply chain protection has been a point of increasing emphasis by the Government and especially the Department of Defense (“DoD”) in recent years. In no area is this more true than ensuring that Government systems and equipment are free from counterfeit electronic parts, which can raise both security and defect concerns. DoD has accordingly taken several steps, many of which have taken the form of new requirements on contractors, to protect against counterfeit electronic parts. With these requirements has come added risk to contractors that even mistakenly use electronic parts in the goods they sell to DoD. However, an August 30, 2016, final DFARS rule (implemented at DFARS 2301.205-71) seeks to mitigate some of this risk by allowing contractors to recover the cost of replacing counterfeit electronic parts, as long as the contractor has taken certain steps to prevent the use of such parts.… Continue Reading

DoD IG Report Reveals Ongoing Struggles in IT-Acquisition Reform

IT-acquisition reform remains an area of ongoing concern for Federal agencies and government contractors.  Indeed, as we previously discussed, the GAO has added IT Acquisitions and Operations to its bi-annual list of programs it identifies as posing a high risk for fraud, waste, abuse, and mismanagement.  Strengthened by Congress’ passage in December 2014 of the … Continue Reading

Time Is On My Side: DoD Hears Industry Concerns – Additional Time Provided to Implement Security Controls Under New Cyber Rule

On December 30th, the Department of Defense (DoD) issued a Second Interim Rule amending its “Network Penetration Reporting and Contracting for Cloud Services” Interim Rule and giving  contractors until December 31, 2017 to implement the NIST SP 800-171 security controls required by DFARS 252.204-7012.  As noted in a previous post, DoD has already issued a … Continue Reading

DoD Issues Targeted Class Deviation Updating Recently Adopted Cybersecurity DFARS Clauses

Last week, on October 8th, DoD issued a class deviation replacing DFARS 252.204-7012 and 252.204-7008 with revised clauses that give covered contractors up to nine (9) months (from the date of contract award or modification incorporating the new clause(s)) to satisfy the requirement for “multifactor authentication for local and network access” found in Section 3.5.3 … Continue Reading

GSA Seeks Input on Eliminating IT Schedule 70’s Two-Year Experience Requirement

Last month, we discussed Information Technology (IT) Schedule 70, one of the largest contract vehicles administered by the U.S. General Services Administration (GSA). GSA now is evaluating whether Schedule 70 should be made more accessible to certain small contractors, new IT providers, and other, similarly situated firms.… Continue Reading

GSA Seeks Industry Input on Cybersecurity Schedule Offerings

Earlier this month, the U.S. General Services Administration (GSA) issued a Request for Information (RFI) soliciting feedback from industry on ways to improve the sale of Cybersecurity and Information Assurance (CyberIA) products and services through GSA’s multi-billion dollar Information Technology (IT) Schedule 70. IT Schedule 70 currently features more than a dozen special item numbers (SINs) for cybersecurity … Continue Reading

DOD Issues Interim Rule Addressing New Requirements for Cyber Incidents and Cloud Computing Services

On August 26, 2015, the Department of Defense (DoD) issued an interim rule that imposes expanded obligations on defense contractors and subcontractors with regard to the protection of “covered defense information” and the reporting of cyber incidents occurring on unclassified information systems that contain such information.  Nearly three years in the making, this interim rule replaces the … Continue Reading

OMB Issues New Draft Cyber Guidance for Contractors

On August 11, 2015, the Office of Management and Budget (OMB) issued a draft guidance memorandum intended to improve cybersecurity protections in federal acquisitions. Specifically, the proposed memorandum provides direction to federal agencies on “implementing strengthened cybersecurity protections in Federal acquisitions for products or services that generate, collect, maintain, disseminate, store, or provides access to … Continue Reading

DoD Issues Three Cloud Computing and Security Documents for Public Comment

On July 24, 2015, the Defense Information Security Agency (“DISA”) issued three draft documents (available here for download) concerning the adoption of secure cloud computing systems by the Department of Defense (“DoD”).  DISA is tasked with developing DoD’s security requirements guides for cybersecurity policies, standards, architectures, security controls, and validation procedures.  Here, the just-released, draft … Continue Reading

U.S., U.K. Governments Seek Cyber Innovations from Private Sector

The private sector is likely to produce critical cyber innovations—at least, that is what the U.S. Defense Advanced Research Projects Agency (“DARPA”) and the U.K. Centre for Defence Enterprise (“CDE”) would like to see. In the United States, although the internet may have been invented at DARPA, DARPA is turning to a private sector competition to protect … Continue Reading

GAO Reports Highlight Ongoing Struggles in Reforming IT Acquisitions and Operations

As federal agencies are slated to spend almost $80 billion on federal information technology (“IT”) acquisitions this fiscal year and the OMB prepares to issue its final guidance on the Federal Information Technology Acquisition Reform Act (“FITARA”), GAO has released two reports this month that discuss ongoing efforts to improve IT procurement.  Combined with GAO’s recent addition … Continue Reading

Another Proposal from GSA: a Class Deviation for Commercial Agreements

March has been a busy month for the GSA in its efforts to implement what it has touted as a “new vision for Federal purchasing.” On March 5, 2014, GSA announced a proposed rule to reform pricing practices and contractor reporting requirements under multiple award schedule contracts. In its latest move, on March 20, 2015, … Continue Reading

Efforts to Define Recruitment Fees Move Forward as Newly-Revised Human Trafficking Rule Goes into Effect

Late last week the House Foreign Affairs Committee approved H.R. 400, which would require the Department of State and the United States Agency for International Development (USAID) to propose a definition of recruitment fees within 180 days of the statute’s enactment.  H.R. 400 explains that “contractors sometimes employ foreign workers who are citizens neither of … Continue Reading

IT Acquisitions and Operations Added to GAO’s List of High-Risk Programs

GAO has added IT Acquisitions and Operations to its list of programs it identifies as posing a high risk for fraud, waste, abuse, and mismanagement.  This biennial list contains GAO’s analysis of newly- and previously-added high-risk programs and recommendations for improving their economy, efficiency, and effectiveness. In adding IT Acquisitions and Operations to this list, … Continue Reading

House introduces the “Reforming Federal Procurement of Information Technology Act”

Rep. Anna G. Eshoo (D-Calif.) recently introduced the Reforming Federal Procurement of Information Technology (“RFP-IT”) Act. This Act is similar in many ways to earlier drafts of the FITARA bill on which we have previously reported, with a few notable differences. Among other things, the RFP-IT Act would: significantly increase the Simplified Acquisition Threshold for … Continue Reading
LexBlog