Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”).[1]  This Final Rule comes more than five years after the rule was first proposed in the Federal Register in June 2014.  The FAR Council describes the Final Rule as “significantly de-scoped” from the version proposed in 2014, but it nonetheless constitutes a significant expansion of the existing counterfeit part reporting obligations, which to date have applied only to electronic parts under DOD contracts.

Continue Reading New FAR Rule Expands Counterfeit Reporting Obligations

On October 4th, the Department of Defense (DoD) issued a Final Rule implementing mandatory cyber incident reporting requirements for DoD contractors and subcontractors who have “agreements” with DoD.  The Final Rule also highlights DoD’s desire to encourage greater participation in the voluntary Defense Industrial Base (DIB) cybersecurity information sharing program.  This Rule is effective on November 3, 2016.

This Final Rule implements, in part, statutory requirements for rapidly reporting cyber incidents, including section 941 of the Fiscal Year (FY) 2013 National Defense Authorization Act (NDAA) and sections 391 and 393 of Title 10, and follows an interim rule issued on October 2, 2015.  DoD intends for this Rule to incorporate and harmonize all of the cyber incident reporting requirements – both mandatory and voluntary – for entities that have any “agreements” with DoD.  81 Fed. Reg. 68316.  Key highlights of the Final Rule are addressed below.


Continue Reading DoD Finalizes Rule on Policies for Cyber Incident Reporting