FAR

On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, covered in a separate blog, is titled “Cyber Threat and Incident Reporting and Information Sharing,” and adds new requirements to the cybersecurity incident reporting obligations of federal contractors. The second rule, titled “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems,” covers cybersecurity contractual requirements for unclassified Federal information systems.

Both rules arise from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts. The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through November 2023. This blog describes key requirements imposed by the proposed “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” rule (the “Proposed Standardizing Rule”)

Proposed Cybersecurity Requirements for Unclassified Federal Information Systems

As directed by the Cyber EO, the Proposed Standardizing Rule would establish cybersecurity policies, procedures, and requirements for contractors that develop, implement, operate, or maintain Federal Information Systems (“FIS”). Under the rule, a FIS is defined as “an information system used or operated by an agency, by a contractor of an agency, or by another organization on behalf of an agency.”Continue Reading Proposed FAR Rule: “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems”

Echoing the Obama Administration’s Better Buying Initiative, the Biden Administration announced the Better Contracting Initiative (“BCI”), a four-pronged initiative designed to ensure the Federal Government gets better, and more consistent, terms and prices when purchasing commercial goods and services, while enhancing support for small and disadvantaged businesses.  The Initiative’s four prongs include:Continue Reading More Bang for the Government’s Buck: The Biden Administration Announces the Better Contracting Initiative

On October 5, 2023, the Federal Acquisition Regulatory Council (FAR Council) issued an interim Federal Acquisition Regulation rule (FAR rule) that implements the Federal Acquisition Supply Chain Security Act (FASCSA).  This FAR rule implements the requirements of the Federal Acquisition Supply Chain Security Act of 2018 and the Federal Acquisition Security Council (FASC) final rule for complying with exclusion or removal orders. The FAR rule represents yet another step by the Government to mitigate the security risks that the Government perceives with the use of information technology that may be produced or provided by countries considered to be foreign adversaries.  Like similar supply chain prohibitions, the rule requires contractors to conduct diligence to ensure that articles and sources covered by a FASCA exclusion or removal order are not provided to the Government, to make an affirmative representation to the Government that such articles and sources will not be provided, and to promptly report if any are identified.  The FAR rule will become effective on December 4, 2023, and will apply to new contracts and contracts subject to extension or renewal.  The rule instructs that existing IDIQ contracts should be modified by the Government within six months of December 4, 2023 to apply the requirements to future orders.

Additional information about the rule and its relationship to existing FASCSA regulations is outlined below.Continue Reading FAR Council Issues Interim Rule Outlining Procedures Relating to Excluded Covered Articles and Sources

On October 3, 2023, the Federal Acquisition Regulation (FAR) Council released two new proposed cybersecurity rules. The first of the two, titled “Cyber Threat and Incident Reporting and Information Sharing,” adds new requirements to the cybersecurity incident reporting obligations of federal contractors. The second rule, which we will cover in a separate blog post, is titled “Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems” and covers cybersecurity contractual requirements for unclassified Federal information systems.

Both rules arise from Executive Order 14028, “Improving the Nation’s Cybersecurity,” issued by President Biden on May 12, 2021 (the “Cyber EO”). We have covered developments under this Executive Order as part of a series of monthly posts. The first blog summarized the Cyber EO’s key provisions and timelines, and subsequent blogs described the actions taken by various government agencies to implement the Cyber EO from June 2021 through September 2023. This blog describes key requirements imposed by the proposed “Cyber Threat and Incident Reporting and Information Sharing” rule.Continue Reading FAR Cyber Threat and Incident Reporting and Information Sharing Rule

On June 21, 2023, DHS published a final rule that amends the Homeland Security Acquisition Regulation (HSAR) both by modifying the existing regulations through removing and updating existing clauses and by adding new contract clauses to include certain requirements for the safeguarding of Controlled Unclassified Information (CUI).  The final rule

Continue Reading DHS Releases Final Rule on Safeguarding CUI After Six Year Wait

The Department of Defense is seeking early input on implementation of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (the “FY2023 NDAA”) in the Federal Acquisition Regulation and Defense Federal Acquisition Regulation.  Although this early engagement process will not replace the formal rulemaking process, it presents a significant opportunity for government contractors, technology providers, industry associations, and other interested parties to provide their perspectives on acquisition-related provisions of this year’s NDAA.  Providing early input can ensure that industry’s perspective is heard.  Indeed, providing input at this stage may impact the future rulemaking process by guiding areas of focus and influencing ways the rule makers ask for input during the rulemaking process.
Continue Reading DoD Seeks Early Input Regarding FY2023 NDAA Implementation in Acquisition Regulations

On December 1, 2022, the Department of Defense, General Services Administration, and NASA published a final rule addressing “Effective Communication Between Government and Industry,” which is aimed at “encourag[ing] communication between Government acquisition personnel and industry.”

The rule adds a paragraph to FAR 1.102-2 that reads as follows:

The Government

Continue Reading New FAR Provision Aims to Encourage Communication Between Government and Industry

Addressing climate change has been a priority for President Biden since his first day in office.  On December 8, 2021, President Biden continued that focus by issuing Executive Order (EO) 14057, Catalyzing Clean Energy Industries and Jobs Through Federal Sustainability, which includes a number of requirements directed at introducing sustainability to federal acquisitions.

This most recent EO announces an administration policy to achieve net-zero emissions from federal procurement by 2050 and comes on the heels of the public comment period extension to January 13, 2022 in response to EO 14030, Climate-Related Financial Risk.  Although the administration will likely be rolling out additional sustainability requirements in the coming months, contractors currently have an opportunity to help shape an initial requirement that may end up effectively establishing an environmental, social, and governance or “ESG” reporting requirement.
Continue Reading Contractors Have an Opportunity to Help Shape ESG Requirements

Earlier today, the FAR Council issued a final rule revising the FAR definition of “commercial item.”  The final rule effectively splits the prior definition of “commercial item” into separate definitions for “commercial product” and “commercial service,” without making substantive changes to the existing definitions.  The final rule also replaces references to “commercial items” throughout the FAR with corresponding references to “commercial products,” “commercial services,” or both, as appropriate.
Continue Reading New Final Rule Replaces “Commercial Item” Definition and Implements Definitions for “Commercial Products” and “Commercial Services”

Federal government contractors face many uncertainties as they implement President Biden’s COVID-19 vaccine mandate. This includes the distinct possibility of civil lawsuits arising out of their implementation of the mandate, including potential allegations of invasion of privacy, wrongful termination, lost wages, discrimination, personal injury or other common law claims or statutory violations. At least one such lawsuit already has been filed. In that suit, dozens of aggrieved employees allege that the contractor’s vaccine mandate violates state law, and they seek an injunction and other relief. Other lawsuits are sure to follow.

But there is good news for contractors: Established legal doctrines should provide contractors some degree of protection—and perhaps complete immunity—against such lawsuits. In addition to the statutory protections afforded to contractors under the PREP Act, contractors may be protected from civil liability based on federal-law-based defenses that have been recognized and applied in analogous government contracting settings. In the coming weeks, as contractors navigate the many challenges associated with the vaccine mandate, they should carefully consider the risk of civil litigation, and, in order to minimize potential exposure in such lawsuits, proactively implement practices that maximize the likelihood that these doctrines and defenses will be applicable, as discussed below.Continue Reading Are Federal Contractors Immunized From Vaccination Litigation? Mitigating The Risk Of Civil Liabilities Arising Out Of The COVID-19 Vaccine Mandate