On November 15, 2024, the Department of Defense (“DoD”) published a Notice of Proposed Rulemaking (“Proposed Rule”) entitled “Defense Federal Acquisition Regulation Supplement: Disclosure of Information Regarding Foreign Obligations.” The Proposed Rule would impose new disclosure obligations on “Offeror[s]” (pre-award) and “Contractor[s]” (post-award) that are triggered in certain
Continue Reading Department of Defense Publishes Notice of Proposed Rulemaking on Disclosure of Computer and Source Code to Foreign EntitiesDFARS
Trade Agreements Act Certifications Undergo New Scrutiny
GAO’s recent protest decision in HPI Federal, LLC, B-422583, Aug. 9, 2024, 2024 WL 3823852, highlights the importance of making clear and precise Trade Agreements Act (TAA) compliance certifications when offering products for sale to the U.S. Government.
- On the one hand, GAO found that it was unreasonable for an agency to accept an offeror’s certification that certain of its products were “assembled in” a TAA-compliant country as evidence of the product’s TAA compliance. GAO reasoned that the referenced assembly — which was not described in the proposal — may not satisfy the TAA’s requirement for “substantial transformation” in that country.
- In contrast, GAO found that it was reasonable for the agency to accept the same offeror’s certification that other products had a TAA-compliant “country of origin”.
As these contrasting examples show, offerors should take care to ensure that their certifications are adequate to establish TAA compliance. A certification falling short of that standard could place an award at risk, and could even render an offeror ineligible for award. Continue Reading Trade Agreements Act Certifications Undergo New Scrutiny
New DFARS Clauses Require Defense Contractors to Disclose Work Performed in China
On August 25, 2022, the Department of Defense (“DOD”) published — with immediate effect — two new Defense Federal Acquisition Regulation Supplement (“DFARS”) clauses requiring defense prime contractors and subcontractors disclose any work in China on certain DOD contracts. Under the interim rule, the DOD is prohibited from awarding or extending certain new contracts if a contractor fails to disclose its use of workers in China in performance of a covered DOD contract. Although there is no prohibition on DOD awarding a covered contract to an entity that makes a disclosure, the Department can rely on a variety of authorities to exclude certain contractors and products that represent supply chain risks, especially if the products or services involve information technology.Continue Reading New DFARS Clauses Require Defense Contractors to Disclose Work Performed in China
DOD Issues Final DFARS Rule on Enhanced Debriefing Process
By Kayleigh Scalzo & Jay Carey on
Posted in Bid Protests, Defense Industry
On March 18, 2022, the Department of Defense published a final rule in the Defense Federal Acquisition Regulation Supplement implementing its “enhanced” debriefing process. That process originated in the National Defense Authorization Act for Fiscal Year 2018 and had previously been implemented via a class deviation.
The DOD enhanced debriefing process — which applies to procurements under FAR Part 15, and to task order competitions under FAR 16.505 — has two hallmarks:Continue Reading DOD Issues Final DFARS Rule on Enhanced Debriefing Process
New Final Rule Replaces “Commercial Item” Definition and Implements Definitions for “Commercial Products” and “Commercial Services”
By Scott A. Freling & Brooke Stanley on
Earlier today, the FAR Council issued a final rule revising the FAR definition of “commercial item.” The final rule effectively splits the prior definition of “commercial item” into separate definitions for “commercial product” and “commercial service,” without making substantive changes to the existing definitions. The final rule also replaces references to “commercial items” throughout the FAR with corresponding references to “commercial products,” “commercial services,” or both, as appropriate.
Continue Reading New Final Rule Replaces “Commercial Item” Definition and Implements Definitions for “Commercial Products” and “Commercial Services”
Department of Defense’s Interim Rule Imposes New Assessment Requirements But is Short on Detail on Implementation of CMMC
On September 29, 2020, the Department of Defense (DoD) released an interim rule that industry hoped would provide clear guidance with regard to DoD’s implementation of its Cybersecurity Maturity Model Certification (CMMC) framework. The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171). The interim rule also includes a clause for adding CMMC as a requirement in a DoD contract, but the clause fails to address many of the questions that industry has with regard to implementation of the CMMC program. The rule becomes effective November 30, 2020. We have written previously on NIST 800-171 and the CMMC here and here respectively.
DoD has been focused on improving the cyber resiliency and security of the Defense Industrial Base (DIB) sector for over a decade. The Council of Economic Advisors estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. The interim rule is one of multiple efforts by DoD focused on the broader supply chain security and resiliency of the DIB and builds on existing FAR and DFARS clause cybersecurity requirements. Increasing security concerns coupled with recent high-profile data breaches have led DoD to move beyond self-certification to auditable verification systems when it comes to protecting sensitive Government information.Continue Reading Department of Defense’s Interim Rule Imposes New Assessment Requirements But is Short on Detail on Implementation of CMMC
New FAR Rule Expands Counterfeit Reporting Obligations
Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”).[1] This Final Rule comes more than five years after the rule was first proposed in the Federal Register in June 2014. The FAR Council describes the Final Rule as “significantly de-scoped” from the version proposed in 2014, but it nonetheless constitutes a significant expansion of the existing counterfeit part reporting obligations, which to date have applied only to electronic parts under DOD contracts.
Continue Reading New FAR Rule Expands Counterfeit Reporting Obligations
What Is Lowest Priced Technically Acceptable? GAO Clarifies Reach of New LPTA Restrictions
By Kayleigh Scalzo, Jay Carey & Andrew Guy on
As previously discussed on this blog, the National Defense Authorization Act for Fiscal Year 2017 and the NDAA for Fiscal Year 2018 imposed new limitations on when the Department of Defense can use Lowest Price Technically Acceptable source selection methods. Just last month, the Department of Defense issued a final rule amending the Defense Federal Acquisition Regulation Supplement to implement those provisions. Now, in Inserso Corp., B-417791, B-417791.3, Nov. 4, 2019, GAO has weighed in on what counts as LPTA for purposes of those restrictions. This decision may indicate a potentially significant limitation on the reach of the NDAA provisions, new DFARS rule, and proposed FAR rule.
Continue Reading What Is Lowest Priced Technically Acceptable? GAO Clarifies Reach of New LPTA Restrictions
Senate Armed Services Subcommittee on Cybersecurity Holds Hearing to Discuss the Responsibilities of the Defense Industrial Base
On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (“DOD”) cybersecurity policies and regulations have affected the Defense Industrial Base (“DIB”).
To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante,…
Continue Reading Senate Armed Services Subcommittee on Cybersecurity Holds Hearing to Discuss the Responsibilities of the Defense Industrial Base
Keeping Up With DoD Cybersecurity Compliance Demands
(This article was originally published in Law360 and has been modified for this blog.)
On Jan. 21, 2019, Ellen Lord, the Under Secretary of Defense for Acquisition and Sustainment, issued a memorandum focused on assessing contractor compliance with the DFARS cyber clause via audits of a Contractor’s purchasing system.[1] One intent of this guidance is to have the Defense Contract Management Agency, or DCMA, “validate, for contracts for which they provide contract administration and oversight, contractor compliance with the requirements of DFARS clause 252.204-7012.”[2]
This would be done as part of a review of a contractor’s purchasing system in accordance with DFARS 252.244-7001. Pursuant to this DFARS clause, contractors are required to provide adequate security on their internal networks to protect Covered Defense Information (CDI) and are required to flow DFARS clause 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting” to subcontractors without alteration.Continue Reading Keeping Up With DoD Cybersecurity Compliance Demands