DFARS

On August 25, 2022, the Department of Defense (“DOD”) published — with immediate effect — two new Defense Federal Acquisition Regulation Supplement (“DFARS”) clauses requiring defense prime contractors and subcontractors disclose any work in China on certain DOD contracts.  Under the interim rule, the DOD is prohibited from awarding or extending certain new contracts if a contractor fails to disclose its use of workers in China in performance of a covered DOD contract.  Although there is no prohibition on DOD awarding a covered contract to an entity that makes a disclosure, the Department can rely on a variety of authorities to exclude certain contractors and products that represent supply chain risks, especially if the products or services involve information technology.Continue Reading New DFARS Clauses Require Defense Contractors to Disclose Work Performed in China

On March 18, 2022, the Department of Defense published a final rule in the Defense Federal Acquisition Regulation Supplement implementing its “enhanced” debriefing process.  That process originated in the National Defense Authorization Act for Fiscal Year 2018 and had previously been implemented via a class deviation.

The DOD enhanced debriefing process — which applies to procurements under FAR Part 15, and to task order competitions under FAR 16.505 — has two hallmarks:Continue Reading DOD Issues Final DFARS Rule on Enhanced Debriefing Process

Earlier today, the FAR Council issued a final rule revising the FAR definition of “commercial item.”  The final rule effectively splits the prior definition of “commercial item” into separate definitions for “commercial product” and “commercial service,” without making substantive changes to the existing definitions.  The final rule also replaces references to “commercial items” throughout the FAR with corresponding references to “commercial products,” “commercial services,” or both, as appropriate.
Continue Reading New Final Rule Replaces “Commercial Item” Definition and Implements Definitions for “Commercial Products” and “Commercial Services”

On September 29, 2020, the Department of Defense (DoD) released an interim rule that industry hoped would provide clear guidance with regard to DoD’s implementation of its Cybersecurity Maturity Model Certification (CMMC) framework.  The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 security controls in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 (NIST 800-171).  The interim rule also includes a clause for adding CMMC as a requirement in a DoD contract, but the clause fails to address many of the questions that industry has with regard to implementation of the CMMC program.  The rule becomes effective November 30, 2020.  We have written previously on NIST 800-171 and the CMMC here and here respectively.

DoD has been focused on improving the cyber resiliency and security of the Defense Industrial Base (DIB) sector for over a decade.  The Council of Economic Advisors estimates that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.  The interim rule is one of multiple efforts by DoD focused on the broader supply chain security and resiliency of the DIB and builds on existing FAR and DFARS clause cybersecurity requirements.  Increasing security concerns coupled with recent high-profile data breaches have led DoD to move beyond self-certification to auditable verification systems when it comes to protecting sensitive Government information.Continue Reading Department of Defense’s Interim Rule Imposes New Assessment Requirements But is Short on Detail on Implementation of CMMC

Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”).[1]  This Final Rule comes more than five years after the rule was first proposed in the Federal Register in June 2014.  The FAR Council describes the Final Rule as “significantly de-scoped” from the version proposed in 2014, but it nonetheless constitutes a significant expansion of the existing counterfeit part reporting obligations, which to date have applied only to electronic parts under DOD contracts.
Continue Reading New FAR Rule Expands Counterfeit Reporting Obligations

As previously discussed on this blog, the National Defense Authorization Act for Fiscal Year 2017 and the NDAA for Fiscal Year 2018 imposed new limitations on when the Department of Defense can use Lowest Price Technically Acceptable source selection methods.  Just last month, the Department of Defense issued a final rule amending the Defense Federal Acquisition Regulation Supplement to implement those provisions.  Now, in Inserso Corp., B-417791, B-417791.3, Nov. 4, 2019, GAO has weighed in on what counts as LPTA for purposes of those restrictions.  This decision may indicate a potentially significant limitation on the reach of the NDAA provisions, new DFARS rule, and proposed FAR rule.
Continue Reading What Is Lowest Priced Technically Acceptable? GAO Clarifies Reach of New LPTA Restrictions

On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (“DOD”) cybersecurity policies and regulations have affected the Defense Industrial Base (“DIB”).

To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, Senior Vice President and General

(This article was originally published in Law360 and has been modified for this blog.)

On Jan. 21, 2019, Ellen Lord, the Under Secretary of Defense for Acquisition and Sustainment, issued a memorandum focused on assessing contractor compliance with the DFARS cyber clause via audits of a Contractor’s purchasing system.[1]  One intent of this guidance is to have the Defense Contract Management Agency, or DCMA, “validate, for contracts for which they provide contract administration and oversight, contractor compliance with the requirements of DFARS clause 252.204-7012.”[2]

This would be done as part of a review of a contractor’s purchasing system in accordance with DFARS 252.244-7001.  Pursuant to this DFARS clause, contractors are required to provide adequate security on their internal networks to protect Covered Defense Information (CDI) and are required to flow DFARS clause 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting” to subcontractors without alteration.Continue Reading Keeping Up With DoD Cybersecurity Compliance Demands

The Section 809 Panel recently concluded its monumental analysis of defense acquisition law and regulations and released its third volume of recommended changes.  As we have written previously, the Panel’s work stands out from previous acquisition reform efforts with the appendices of detailed legislative and regulatory changes that accompany the commissioners’ analysis and recommendations.

Given the scope of the Panel’s work, few believe that Congress or the Department of Defense (“DoD”) will — or even could — simply adopt the recommendations in full.  Legislative bandwidth for additional acquisition reform is finite, and some of the Panel’s recommendations will prompt robust debate.  In this post, we analyze some of the recommendations that government contractors should follow most closely.  We highlight key issues and address the political dynamics involved in enacting them.
Continue Reading After the Final Report: Expectations Following the Section 809 Panel’s Third Volume of Acquisition Policy Reforms

[This article was originally published in Law360 and has been modified for the blog.]

Over the summer, pursuant to Section 874 of the FY 2017 National Defense Authorization Act (“NDAA”)[1], the Department of Defense (“DoD”) issued a proposed rule[2] to exclude the application of certain laws and regulations to the acquisition of commercial items, including commercially available off-the-shelf (“COTS”) items.  Among other things, the proposed rule identifies certain DFARS and FAR clauses that should be excluded from commercial item contracts and subcontracts, and sets forth a narrower definition of “subcontract” that would carve out a category of lower-tier commercial item agreements from the reach of certain flow-down requirements.  A summary of the proposed rule and our key observations/takeaways are below.
Continue Reading Takeaways From DoD’s Proposed Changes to Commercial Item Contracting