This is the thirtieth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken

Continue Reading October 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

Echoing the Obama Administration’s Better Buying Initiative, the Biden Administration announced the Better Contracting Initiative (“BCI”), a four-pronged initiative designed to ensure the Federal Government gets better, and more consistent, terms and prices when purchasing commercial goods and services, while enhancing support for small and disadvantaged businesses.  The Initiative’s four prongs include:

Continue Reading More Bang for the Government’s Buck: The Biden Administration Announces the Better Contracting Initiative

The Armed Services Board of Contract Appeals has issued its annual report for FY 2023, shedding light on how often contractor appeals reach a successful result, and what agencies are most frequently involved in contract litigation.

Continue Reading ASBCA Issues Annual Report, Providing Data on How Often Contractors Prevail

This is the twenty-ninth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through August 2023.  This blog describes key actions taken to implement the Cyber EO, as well as the U.S. National Cybersecurity Strategy, during September 2023. 

Continue Reading September 2023 Developments Under President Biden’s Cybersecurity Executive Order and National Cybersecurity Strategy

On Thursday, GAO released its Bid Protest Annual Report to Congress for Fiscal Year 2023, which provides bid protest statistics and other interesting information regarding GAO’s protest system.

Continue Reading GAO’s Annual Bid Protest Report:  Protest Filings and Sustain Rate Soar

On October 5, 2023, the Federal Acquisition Regulatory Council (FAR Council) issued an interim Federal Acquisition Regulation rule (FAR rule) that implements the Federal Acquisition Supply Chain Security Act (FASCSA).  This FAR rule implements the requirements of the Federal Acquisition Supply Chain Security Act of 2018 and the Federal Acquisition Security Council (FASC) final rule for complying with exclusion or removal orders. The FAR rule represents yet another step by the Government to mitigate the security risks that the Government perceives with the use of information technology that may be produced or provided by countries considered to be foreign adversaries.  Like similar supply chain prohibitions, the rule requires contractors to conduct diligence to ensure that articles and sources covered by a FASCA exclusion or removal order are not provided to the Government, to make an affirmative representation to the Government that such articles and sources will not be provided, and to promptly report if any are identified.  The FAR rule will become effective on December 4, 2023, and will apply to new contracts and contracts subject to extension or renewal.  The rule instructs that existing IDIQ contracts should be modified by the Government within six months of December 4, 2023 to apply the requirements to future orders.

Additional information about the rule and its relationship to existing FASCSA regulations is outlined below.

Continue Reading FAR Council Issues Interim Rule Outlining Procedures Relating to Excluded Covered Articles and Sources

On October 17, 2023, the U.S. Government Accountability Office (“GAO”) published a report on mergers and acquisitions (“M&A”) in the defense industrial base. The report details the current M&A review process of the Department of Defense (“DOD”) and provides recommendations to proactively assess M&A competition risks.

Continue Reading GAO Recommends Increased Guidance for DOD Mergers & Acquisitions Review

Although Congress averted a Government shutdown on October 1 by passing a temporary spending bill, we may be headed toward a shutdown next month.  As many Federal Government contractors have experienced during prior Government shutdowns, some portions of the Government — primarily those not funded through annual appropriations bills or that provide “essential services” — may continue to operate (often without pay or access to certain resources), while others shut down immediately, leaving contractors with a customer that often is unable to provide funding, authorize contract actions or respond to inquiries until the Government reopens its doors.  Faced with these challenges, contractors would be well advised to ensure their shutdown plans position them to navigate the potential challenges.  Each agency and contract can offer unique challenges, but we offer a few key considerations below to guide contractors in assessing their approaches to potential shutdowns:

Continue Reading Key Steps Contractors Should Consider When Facing a Government Shutdown

On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, titled “Cyber Threat and Incident Reporting and Information Sharing,” adds new requirements to the cybersecurity incident reporting obligations of federal contractors. The second rule, which we will cover in a separate blog post, is titled “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” and covers cybersecurity contractual requirements for unclassified Federal information systems.

Both rules arise from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts. The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through September 2023. This blog describes key requirements imposed by the proposed “Cyber Threat and Incident Reporting and Information Sharing” rule.

Continue Reading FAR Cyber Threat and Incident Reporting and Information Sharing Rule

Following our recent overview of topics to watch in the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2024, available here, we continue our coverage with a “deep dive” into NDAA provisions related to cybersecurity and software security in each of the Senate and House bills.  For the past three years, the NDAA has dedicated a separate Title to cyber and cybersecurity, reflecting the increased importance of these issues in Department of Defense (“DoD”) operations.  As expected, both the Senate and House versions of the NDAA bill continue this tradition.  Many of the cyberspace related provisions in both chambers’ bills would have direct or indirect impacts on DoD contractors and other members of the Defense Industrial Base (“DIB”).  We summarize below the cyber-related provisions that are most likely to impact the DIB. 

Continue Reading Key Cyber Security and Software Security Provisions of the House and Senate Versions of the Fiscal Year (FY) 2024 National Defense Authorization Act (NDAA)