As described in an earlier blog post, the Department of Defense (DoD) released an Interim Rule on September 29, 2020 that address DoD’s increased requirements for assessing whether contractors are compliant with the 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171).[1] Under this new Interim Rule, … Continue Reading
On September 29, 2020, the Department of Defense (DoD) released an interim rule that industry hoped would provide clear guidance with regard to DoD’s implementation of its Cybersecurity Maturity Model Certification (CMMC) framework. The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 … Continue Reading
On August 13, 2020, the Office of Management and Budget (OMB) released new revisions to its Guidance for Grants and Agreements set forth under 2 CFR (commonly referred to as the Uniform Guidance). The Uniform Guidance governs the terms of federal funding issued by agencies, including grants, cooperative agreements, federal loans, and non-cash assistance awards. … Continue Reading
Last week, President Trump issued an executive order aimed at encouraging the expansion American manufacturing of essential medical products — Executive Order on Ensuring Essential Medicines, Medical Countermeasures, and Critical Inputs Are Made in the United States (August 6, 2020) (the “Order”). The Order sets forth an ambitious plan requiring extensive agency action on a … Continue Reading
(This article was originally published in Law360 and has been modified for this blog.) Companies in a range of industries that contract with the U.S. Government—including aerospace, defense, healthcare, technology, and energy—are actively working to assess whether or not their information technology systems comply with significant new restrictions that will take effect on August 13, … Continue Reading
On July 10, 2020, the interim rule implementing Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Pub. L. No. 115-232) was released by the U.S. Government’s Federal Acquisition Regulatory Council. Section 889 prohibits the U.S. Government from buying (as of August 2019)—or contracting with an entity that uses … Continue Reading
In recent years, both Congress and the Executive Branch have made it a key priority to mitigate risks across the industrial and innovation supply chains that provide hardware, software, and services to the U.S. government (“USG”). Five of these initiatives are likely to result in new regulations in 2020, each of which could have a … Continue Reading
On May 5, 2020 the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management (“SCRM”) Task Force (the “Task Force”) released a six-step guide for organizations to start implementing organizational SCRM practices to improve their overall security resilience. The Task Force also released a revised … Continue Reading
The global spread of the COVID-19 virus may put many federal contractors at risk of missing contractual deadlines. In a growing number of cases, supply chains may become cut off, work spaces may be closed, or employees may need to stay home, all of which could impact a contractor’s ability to perform in a timely … Continue Reading
On Monday, the U.S. Court of Appeals for the Federal Circuit issued an opinion in Acetris Health, LLC v. United States, No. 2018-2399 (Fed. Cir. Feb. 10, 2020) (“Acetris”), that would permit pharmaceutical manufacturers to source a drug’s active pharmaceutical ingredient (“API”) from India, China and other non “designated countries” and yet still offer the … Continue Reading
On January 31, the Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”). This is the fourth iteration of the CMMC that DoD has publicly released since it issued the first draft in October, and it is intended to be the version that auditors will be trained against, and that … Continue Reading
The Trump Administration has declared this month National Slavery and Human Trafficking Prevention Month, calling on industry associations, law enforcement, private businesses, and others to work toward ending modern slavery and human trafficking. This proclamation follows the Administration’s efforts to combat human trafficking, which we have previously discussed here, and comes on the heels of … Continue Reading
On November 27, 2019, the Department of Commerce issued a proposed rule to implement the May 15, 2019 Executive Order entitled “Securing the Information and Communications Technology and Services Supply Chain.” Once finalized and effective, the regulations will govern the process and procedures that the Secretary of Commerce will use to determine whether certain transactions … Continue Reading
Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”).[1] This Final Rule comes more than five years after the rule was first proposed in … Continue Reading
A long-standing dispute over the approach to country of origin determinations under the Trade Agreements Act (“TAA”) may soon be resolved, as the Federal Circuit recently heard oral argument in one of two cases presently examining key aspects of this statute. Among other questions presented, the court may decide the standard for determining whether a … Continue Reading
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (“CISA”) Information and Communications Technology (“ICT”) Supply Chain Risk Management Task Force (the “Task Force”) recently released an interim public report. The report describes the Task Force’s efforts over the last year to develop recommendations for securing the Government’s supply chain, and outlines the potential … Continue Reading
Almost a year after Assistant Secretary of the Navy James Geurts issued his September 28, 2018 memorandum (Geurts Memo) imposing enhanced security controls on “critical” Navy programs, the Navy has issued an update to the Navy Marine Corps Acquisition Regulations Supplement (NMCARS) to implement those changes more formally across the Navy. Pursuant to this update, a new … Continue Reading
On September 4, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial … Continue Reading
The FAR Council released an Interim Rule in August implementing part of Section 889 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019. In this briefing, we highlight points where the Interim Rule provides clarity; definitional issues that remain unresolved; and new procedural requirements that government contractors should track. The Interim … Continue Reading
On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (“DOD”) cybersecurity policies and regulations have affected the Defense Industrial Base (“DIB”). To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, Senior Vice President and General … Continue Reading
On the eve of the recent government shutdown over border security, Congress and the President were in agreement on a different issue of national security: mitigating supply chain risk. On December 21, 2018, the President signed into law the Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act (the “SECURE Technology Act”) (P.L. 115-390). … Continue Reading
