DoD

Subscribe to DoD

Contractors often assume that government auditors have special authority to interpret the Cost Accounting Standards.  That assumption is easy to understand — auditors frequently take the position that there is just one “right” way for a company to do its contract cost accounting, based on how other companies do things.  But contractors should know that CAS is flexible and generally gives them options about how to comply, based on the circumstances of their business.  In short, a contractor’s business judgment matters, and contractors can use it to push back on auditors who take an overly rigid view of CAS.

Continue Reading So the Auditor Says You Violated CAS?  Remember, Your Business Judgment Matters When Determining Compliance

The Department of Defense is seeking early input on implementation of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (the “FY2023 NDAA”) in the Federal Acquisition Regulation and Defense Federal Acquisition Regulation.  Although this early engagement process will not replace the formal rulemaking process, it presents a significant opportunity for government contractors, technology providers, industry associations, and other interested parties to provide their perspectives on acquisition-related provisions of this year’s NDAA.  Providing early input can ensure that industry’s perspective is heard.  Indeed, providing input at this stage may impact the future rulemaking process by guiding areas of focus and influencing ways the rule makers ask for input during the rulemaking process.
Continue Reading DoD Seeks Early Input Regarding FY2023 NDAA Implementation in Acquisition Regulations

This is the fifteenth in a series of Covington blogs on implementation of Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”).  The first blog summarized the Cyber EO’s key provisions and timelines, and the subsequent blogs described the actions taken by various Government agencies to implement the Cyber EO from June 2021 through June 2022.  This blog describes key actions taken to implement the Cyber EO during July 2022.

Continue Reading July 2022 Developments under President Biden’s Cybersecurity Executive Order

On August 25, 2022, the Department of Defense (“DOD”) published — with immediate effect — two new Defense Federal Acquisition Regulation Supplement (“DFARS”) clauses requiring defense prime contractors and subcontractors disclose any work in China on certain DOD contracts.  Under the interim rule, the DOD is prohibited from awarding or extending certain new contracts if a contractor fails to disclose its use of workers in China in performance of a covered DOD contract.  Although there is no prohibition on DOD awarding a covered contract to an entity that makes a disclosure, the Department can rely on a variety of authorities to exclude certain contractors and products that represent supply chain risks, especially if the products or services involve information technology.

Continue Reading New DFARS Clauses Require Defense Contractors to Disclose Work Performed in China

The Eastern District of New York has enjoined a New York contractor’s federal debarment, in a rebuke of agency debarment actions that fail to honor contractors’ procedural rights.  On July 8, 2022, part supplier Precision Metals Corporation (“Precision”) was granted a Temporary Restraining Order (“TRO”) vacating and setting aside a Defense Logistics Agency (“DLA”) debarment and enjoining debarment while court proceedings are pending.  The decision, which emphasizes two procedural violations, serves as a reminder that an agency’s authority to debar contractors is not unlimited, and that it must strictly adhere to the rights granted contractors before taking action.  Each procedural violation, and its practical implications, is discussed below.

Continue Reading Department of Defense Debarment Enjoined Due to Procedural Missteps

On the heels of the FTC’s opposition to Lockheed Martin’s acquisition of Aerojet Rocketdyne and Lockheed’s termination of the deal, the Department of Defense (DoD) released a report expressing concerns about the state of competition among its contractors.  Of particular note, the report encourages DoD action to (1) increase oversight of M&A transactions and (2) obtain greater IP rights in matters involving defense industrial base contractors.  Although the report is light on specifics and identifies objectives that are in some tension with each other, the report is a reminder to companies that the U.S. Government, the single largest purchaser in the country, remains focused on enhancing competition. To that end, we anticipate seeing Executive Branch action in the coming months that seeks to further that policy objective.
Continue Reading DoD Signals Increased Scrutiny of Gov Con M&A and Renewed Interest in Background IP Rights

Since May 2020, federal efforts to fast-track the development, manufacturing, and distribution of COVID-19 vaccines has been led by a joint effort between the Department of Health and Human Services (“HHS”) and the Department of Defense (“DoD”), formerly known as Operation Warp Speed but renamed the HHS-DoD COVID-19 Countermeasures Acceleration Group (“CAG”).  As of December 31, 2021, the CAG was dissolved, and the entire responsibility for managing the government’s vaccine efforts transitioned to HHS.  On January 19, 2022, the Government Accountability Office (“GAO”) released a report examining that transition, as part of its ongoing obligation under the CARES Act to monitor the federal government’s pandemic response.  The report includes a few key findings and recommendations that will be of interest to industry partners operating within this space.
Continue Reading New GAO Report: HHS Faces Outstanding Issues as it Assumes Vaccine Responsibilities

The Department of Defense (DoD) released key documentation relating to Cybersecurity Maturity Model Certification (CMMC) 2.0 over the past several weeks, including (1) a CMMC 2.0 Model Overview document, (2) CMMC Self-Assessment Scopes for Level 1 and 2 assessments/certifications, (3) CMMC Assessment Guides for Level 1 and 2 attestations/certifications, and (4) the CMMC Artifact Hashing

On November 9, 2021, the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (AB) hosted a one hour Town Hall focused on CMMC Version 2.0.  Matthew Travis, CEO of the CMMC AB; Jesse Salazar, Deputy Assistant Secretary of Defense for Industrial Policy; David McKeown, Deputy Department of Defense (DoD) Chief Information Officer for Cybersecurity (DCIO(CS)) and DoD’s Senior Information Security Officer (SISO); and Buddy Dees, Director of CMMC, DoD gave prepared remarks and answered questions during the session.

According to Mr. Salazar, CMMC Version 2.0 has been in the making for the past 8 months, and takes into account the over 850 public comments DoD received regarding CMMC 1.0.  Mr. KcKeown explained that CMMC 1.0 may have been too broad and its requirements “too onerous” especially on small and medium sized contractors.  He described CMMC 2.0 — and its use of three levels rather than five levels in CMMC 1.0 — as being based on more of a risk based approach than the original CMMC because it is primarily focused on the type of data being protected.

Continue Reading CMMC Accreditation Body Hosts Town Hall Regarding CMMC 2.0

UPDATE: DoD withdraws the unpublished Advanced Notice of Proposed Rulemaking

On November 5, 2021, an Editorial Note was added to the Federal Register stating “An agency letter requesting withdrawal of this document was received after placement on public inspection. The document will remain on public inspection through close of business November 4, 2021. A copy of the agency’s withdrawal letter is available for inspection at the Office of the Federal Register.”   The reason for the Department of Defense withdrawal of the unpublished Advanced Notice of Proposed Rulemaking was not provided.
Continue Reading DoD Outlines Significant Changes to CMMC with Version 2.0