On January 19, 2021, the Federal Acquisition Regulatory Council published the final rule amending the Federal Acquisition Regulation (“FAR”) in accordance with President Trump’s Executive Order 13881, “Maximizing Use of American-Made Goods, Products, and Materials.” As we discussed in our prior blog articles here (discussing the September 2020 proposed rule) and here (discussing the July 15, 2019 order), the Executive Order required significant changes to the regulations implementing the Buy American Act, 41 U.S.C. §§ 8301-8305 (“BAA”). The final rule varies very little from the September 14, 2020 proposed rule (discussed in greater detail here). Accordingly, the final rule amends applicable FAR clauses with three key impacts:
Continue Reading “Buy (More) American” – Final Rule Implements Changes to the Buy American Act Regulations

Legislation directing the National Institute of Standards and technology (“NIST”) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors recently passed the Senate and is heading to the President’s desk. We have been following this legislation closely for the past two years, here and here.  The bill passed in the Senate without amendment by unanimous consent.
Continue Reading IoT Legislation Passes Congress

A Securities and Exchange Commission (“SEC”) plan to create a registration exemption for certain finders has generated a mixed response.  The nearly 90 comments received by the SEC by the November 12, 2020 close of the comment period reflect a clear divide along predictable lines.  Broker-dealers, issuers, and some practitioners lauded the proposal for bringing regulatory clarity to what has long been a cloudy issue while regulatory groups and investor advocates criticized the plan for allowing unregistered finders to conduct brokerage activities without sufficient investor protection mechanisms.
Continue Reading SEC Proposal to Exempt Finders from Registration Generates Split Reaction

On November 19, 2020, Peter Driscoll, director of the Office of Compliance Inspection and Examination (“OCIE”) of the Securities and Exchange Commission (“SEC”), gave a speech urging advisory firms to empower their Chief Compliance Officers (“CCOs”). The speech, made at the SEC’s annual compliance outreach conference, accompanied OCIE’s Risk Alert, issued the same day, identifying notable deficiencies and weaknesses regarding Registered Investment Advisors (“RIAs”) CCOs and compliance departments. Driscoll’s speech complemented the Risk Alert by outlining the fundamental requirements for CCOs: “empowered, senior and with authority.”
Continue Reading OCIE Director Instructs Advisers to Empower Chief Compliance Officers

On October 30, 2020 the FDA published a list of essential medicines, medical countermeasures, and critical inputs as required by President Trump’s August 2020 Executive Order on Ensuring Essential Medicines, Medical Countermeasures, and Critical Inputs Are Made in the United States (Executive Order 13944), which required the U.S. government to purchase “essential” medicines and medical supplies produced domestically, rather than abroad. We previously wrote about this Executive Order in August (available here), expecting that once the list was issued, government agencies would begin implementing the “Buy American” priorities for these products and materials. The FDA has identified around 227 drugs and 96 devices, along with their respective critical inputs or active ingredients, that the FDA believes “are medically necessary to have available at all times” for the public health. Agencies across the federal government should now begin making non-competitive awards “to the maximum extent permitted by law,” for drugs and medical supplies on this list that are produced in the United States. We have yet to see how agencies will implement these requirements in regulations or class deviations, but publication of this list is an important first step in implementing the rest of the “Buy American” priorities in the Executive Order.
Continue Reading “Buy American” Update: FDA Issues List Of Essential Medicines Required By Executive Order

After many years of being in draft form, NIST recently released its final version of Revision 5 of Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations to address a need for a more proactive and systematic approach to cybersecurity. With the release of Revision 5, NIST hopes to provide updated security and privacy controls that will make information systems more penetration resistant, limit damages from cyber-attacks, make systems more cyber-resilient, and protect individuals’ privacy. NIST intends this update to be usable by a more diverse set of consumer groups than previous iterations of the document permitted.
Continue Reading NIST Issues Long-Awaited Final Guidance on Security and Privacy Controls – SP 800-53

At long last, the Department of Defense (“DoD”) has provided its interim rule, published in the Federal Register on September 29, 2020, amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to set forth requirements for the Cybersecurity Maturity Model Certification (“CMMC”) program, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.”  The interim rule is effective November 30, 2020, and comments to the interim rule should be submitted by November 30 as well.  Continue reading for our breakdown of key provisions.
Continue Reading DoD’s Long Awaited Rule on CMMC – Plus a New Cybersecurity Assessment Methodology for Contractors to Start Right Now

On September 14, 2020, the Federal Acquisition Regulatory Council published the long anticipated proposed rule amending the Federal Acquisition Regulation (“FAR”) in accordance with President Trump’s Executive Order 13881, “Maximizing Use of American-Made Goods, Products, and Materials.” As previously discussed here, the Executive Order, signed on July 15, 2019, required significant changes to the implementing regulations of the Buy American Act, 41 U.S.C. §§ 8301-8305, changing policies dating back nearly 70 years. Accordingly, the proposed rule seeks to increase both the domestic content requirements and the evaluation preferences provided by the FAR for domestically manufactured goods, particularly with regard to domestic content requirements for steel or iron end products and products made predominantly from iron or steel. Most significantly, however, the proposed rule will revive heightened restrictions for commercially available-off-the-shelf (“COTS”) products that are made predominantly of iron or steel, requiring both the end product and 95 percent of the component parts be domestically sourced in order to qualify under the rule. The COTS exception remains available for other end products (that are not made predominantly of iron or steel), but the proposed rule still will impose heightened obligations and vendors now need to scrutinize their supply chains even more closely, even for COTS items. The FAR Council is accepting comments through November 13, 2020. A final rule is likely by early-2021.
Continue Reading Proposed Changes to the Buy American Act Regulations Implementing Trump Executive Orders

On September 10, 2020, the General Services Administration (“GSA”) hosted a webinar related to its implementation of Section 889 of the 2019 NDAA – the ban relating to certain Chinese telecom companies – and associated updated FAR clauses.  (We previously have written about Section 889 here, here, here, and here).  Below we provide highlights from the meeting.  Slides presented at the meeting also are available here.
Continue Reading GSA’s Take on Implementation of Section 889

Beginning October 15, 2020, the U.S. Small Business Administration (“SBA”), implementing the 2015 National Defense Authorization Act (“NDAA”), will begin requiring women-owned small businesses (“WOSBs”) and economically disadvantaged WOSBs (“EDWOSBs”) to undergo a formal certification process to be eligible under the Procurement Program for Women-Owned Small Business Concerns (the “Program”). Thus, WOSBs and EDWOSBs no longer will be allowed to self-certify that they meet the Program requirements to compete for set-aside or sole source contracts, as has been the case for the last few decades. Instead, WOSBs and EDWOSBs now must apply for a formal government-issued certification at https://beta.certify.sba.gov/, which includes creating an account and uploading the necessary paperwork to establish eligibility. 13 C.F.R. Subpart C (§§ 127.300 – 127.356).
Continue Reading Women-Owned Small Business Self-Certification Ends October 15, 2020 When SBA Begins Requiring Formal Government-Issued Or Third-Party Certifications for Awards

Congress recently advanced legislation that directs the National Institute of Standards and Technology (NIST) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors. We previously reported on this legislation in April of 2019 when it was introduced in the House (H.R. 1668) and the Senate (S. 734). On September 14, 2020, the House of Representatives passed the legislation on a voice vote.
Continue Reading IoT Legislation Advances in Congress