Legislation directing the National Institute of Standards and Technology (“NIST”) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors recently passed the Senate and is heading to the President’s desk. We have been following this legislation closely for the past two years, here and here. The bill passed in the Senate without amendment by unanimous consent.
Continue Reading IoT Legislation Passes Congress

At long last, the Department of Defense (“DoD”) has provided its interim rule, published in the Federal Register on September 29, 2020, amending the Defense Federal Acquisition Regulation Supplement (“DFARS”) to set forth requirements for the Cybersecurity Maturity Model Certification (“CMMC”) program, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.”  The interim rule is effective November 30, 2020, and comments to the interim rule should be submitted by November 30 as well.  Continue reading for our breakdown of key provisions.
Continue Reading DoD’s Long Awaited Rule on CMMC – Plus a New Cybersecurity Assessment Methodology for Contractors to Start Right Now

Congress recently advanced legislation that directs the National Institute of Standards and Technology (NIST) to create standards and guidelines for securing Internet of Things (“IoT”) devices used by Federal agencies and their contractors. We previously reported on this legislation in April of 2019 when it was introduced in the House (H.R. 1668) and the Senate (S. 734). On September 14, 2020, the House of Representatives passed the legislation on a voice vote.
Continue Reading IoT Legislation Advances in Congress

Just as you’re probably tired of reading COVID-19 articles, we’ve grown tired of writing them. So, in an effort to party like it’s 2019, we’ve decided to survey the non-COVID-19 initiatives underway at the General Services Administration (“GSA”) while everyone is working from home. Our survey shows progress continues on Multiple Award Schedule (“MAS”) modifications, a new Verified Product Portal (“VPP”) is on the horizon, and work related to Sections 846 and 889 continues to progress. Obviously, none of these has anything to do with COVID-19, but they will have an impact on your Federal business, whether you’re working from home or (eventually, and soon we hope) back in the office. Here’s a look at major projects GSA has been working on while you’ve been social distancing.
Continue Reading While You Were Social Distancing: GSA’s Progress On Section 846, Schedules Consolidation, And Other Major Initiatives

A lot has happened since the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (CMMC) v. 1.0 back in February (see our prior discussion here). In addition to developments with the CMMC Accreditation Body (“CMMC AB”), DOD has clarified applicability of the program to commercially available off-the-shelf (“COTS”) providers and the impact of COVID-19 on program implementation.
Continue Reading DOD CMMC Update – Third Party Auditors Gear Up and COTS Providers Get a Pass

The Securities and Exchange Commission (“SEC”) and Financial Industry Regulatory Authority (“FINRA”) recently issued guidance in connection with firms’ relationships with third-party service providers.  These publications serve as a reminder
Continue Reading SEC and FINRA Signal Renewed Focus on Vendor Management in Two Key Areas: Cybersecurity and Market Access Rule Compliance

On November 6, 2019, the Department of Homeland Security (“DHS”), Cybersecurity & Infrastructure Security Agency (“CISA”) released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber
Continue Reading CISA Releases “Cyber Essentials” to Assist Small Businesses

As you probably know, we have been following very closely developments relating to Section 889 of the 2019 National Defense Authorization Act (NDAA), which prohibits executive agencies from purchasing restricted
Continue Reading The True Impact of the Chinese Telecom Ban on Government Contractors

To gain insight into where the Securities and Exchange Commission (“SEC”) and Commodity Futures Trading Commission (“CFTC”) have been focusing their oversight and what their priorities will be in 2020, look no further than their recent words and deeds. A common thread running through the recent public statements and enforcement activity of both agencies is a commitment to maximizing the resources at their disposal to expedite resolutions, whether by leveraging technology, deploying multi-pronged approaches, engaging in industry outreach, or coordinating with fellow regulators.
Continue Reading Regulatory Moves Show Financial Watchdogs Working Smarter, if Not Harder

On September 9, 2019, the U.S. General Services Administration (“GSA”) announced it would be issuing a mass modification (expected sometime this month)[1] requiring all new and existing GSA Multiple Award Schedule (“MAS”) contracts include two new clauses. The new clauses come in response to Section 889 of the FY2019 National Defense Authorization Act (“NDAA”), and recently implemented FAR provisions, which impose prohibitions relating to the procurement of certain Chinese telecommunications equipment and services (which we have previously discussed here and here). The two clauses to be added to all MAS contracts are:

  • FAR 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2019)
  • GSAR 552.204-70, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2019)


Continue Reading GSA Implements Restrictions on Certain Chinese-Made Telecommunications Services and Equipment