On July 14, 2020 the Department of Defense (“DoD”), General Services Administration (“GSA”), and the National Aeronautics and Space Administration (“NASA”) published an Interim Rule amending the Federal Acquisition Regulation (“FAR”) in order to implement Section 889(a)(1)(B) of the FY 2019 National Defense Authorization Act (“NDAA”).[1] The Interim Rule is effective August 13, 2020, and applies to all solicitations issued after (or resulting in contracts that will be awarded after) the effective date. Interested parties have until September 14, 2020 to submit written comments for consideration in the formation of the Final Rule.
Continue Reading Interim Rule Confirms Section 889 Part B Restriction on Contractor Use of Chinese Telecom Will Go Into Effect August 2020

A lot has happened since the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (CMMC) v. 1.0 back in February (see our prior discussion here).  In addition to developments with the CMMC Accreditation Body (“CMMC AB”), DOD has clarified applicability of the program to Commercially available off-the-shelf (“COTS”) providers and the impact of COVID-19 on program implementation.     
Continue Reading DOD CMMC Update – Third Party Auditors Gear Up and COTS Providers Get a Pass

To further assist the contractor community with the effects of the unprecedented Coronavirus Disease 2019 (COVID-19), the U.S. Department of Defense (DoD) issued on April 8, 2020 a Class Deviation authorizing contracting officers to use a new clause – DFARS 231.205-79, CARES Act Section 3610 Implementation – to address contractor reimbursement under Section 3610 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (Pub. L. 116-136).  Section 3610 allows agencies to reimburse paid leave, including sick leave, that a contractor provides to keep its employees or subcontractors in a ready state, including to protect the life and safety of Government and contractor personnel, during the COVID-19 pandemic.  Paid leave is reimbursable at the contractor’s minimum billing rates under its contracts, and may be allowed for up to an average of 40 hours per week.
Continue Reading DoD Issues Class Deviation to Address Contractor Reimbursement for Paid Leave Required to Maintain a Mission-Ready Workforce During the COVID-19 Outbreak Pursuant to Section 3610 of the CARES Act

On January 30, 2020, the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year.  
Continue Reading CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity

At the end of 2019, the Department of Defense (“DoD”) took another step to limit the potential cyber risks posed by telecommunications equipment manufactured by Chinese companies (and potentially Russian
Continue Reading DoD’s Squeeze of Chinese Telecom Equipment Continues

We recently wrote about the FAR Council’s release of an interim rule implementing restrictions on procurements involving certain Chinese telecommunications hardware manufacturers and service providers, such as Huawei and ZTE. The interim rule creates a new FAR Subpart 4.21, as well as two new contract clauses, FAR 52.204-24 and 52.204-25, which were effective August 13, 2019. These restrictions apply not only to prime contractors, but also to all subcontractors and throughout the supply chain. Concurrent with the release of the FAR interim rule, the Department of Defense (“DoD”) issued a memorandum, laying out DoD procedures to implement the prohibitions contained therein. These procedures apply to contracts, task orders, and delivery orders, including basic ordering agreements (BOAs), orders against BOAs, blanket purchase agreements (BPAs), and calls against BPAs.
Continue Reading Effective Last Month! – DoD’s Implementation of New FAR Prohibitions on Chinese Telecommunications Equipment and Services in Government Contracts

There are big changes happening in military healthcare procurement. Some are unsurprising given the October 1, 2019 deadline for the reorganization of all military hospitals and clinics under the management of the Department of Defense (DOD), Defense Health Agency (DHA). But some may be unexpected, reaching all the way to Department of Veterans Affairs (VA) procurement, though the extent to which the VA will ultimately be affected is unclear. In the past few weeks, at least three major announcements were made regarding military healthcare: (1) DHA and the Defense Logistics Agency (DLA) signed a memorandum of agreement (MOA) regarding their respective rolls in DOD healthcare, (2) DLA gave the VA access to its medical/surgical prime vendor formulary indefinitely, and (3) the VA cancelled its long-anticipated prime vendor solicitation under the Medical/Surgical Prime Vendor (MSPV) 2.0 program. Is this all a coincidence? Probably not.
Continue Reading What’s the VA Got to Do With It? Military Medical Procurement Changes Reach the VA

The Government remains intensely focused on how best to protect its Controlled Unclassified Information (CUI) once it is released to contractors. In a shift from its initial approach of “we will take the contractor’s word for it,” the Department of Defense (DoD) announced in June 2019 it is in the process of developing a new cybersecurity certification program for its contractors, which will involve using third party auditors to validate contractor compliance with required security controls. In addition, on June 19, 2019, the National Institute of Standards and Technology (NIST) released two new highly-anticipated draft special publications – NIST SP 800-171, Rev 2 and NIST SP 800-171B – with a tight turnaround time for comments by July 19, 2019.
Continue Reading Cyber Update: DoD Contractor Cybersecurity Certification and 33 New Enhanced Controls to Combat the Advanced Persistent Threat