A lot has happened since the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (CMMC) v. 1.0 back in February (see our prior discussion here).  In addition to developments with the CMMC Accreditation Body (“CMMC AB”), DOD has clarified applicability of the program to Commercially available off-the-shelf (“COTS”) providers and the impact of COVID-19 on program implementation.     
Continue Reading DOD CMMC Update – Third Party Auditors Gear Up and COTS Providers Get a Pass

To further assist the contractor community with the effects of the unprecedented Coronavirus Disease 2019 (COVID-19), the U.S. Department of Defense (DoD) issued on April 8, 2020 a Class Deviation authorizing contracting officers to use a new clause – DFARS 231.205-79, CARES Act Section 3610 Implementation – to address contractor reimbursement under Section 3610 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (Pub. L. 116-136).  Section 3610 allows agencies to reimburse paid leave, including sick leave, that a contractor provides to keep its employees or subcontractors in a ready state, including to protect the life and safety of Government and contractor personnel, during the COVID-19 pandemic.  Paid leave is reimbursable at the contractor’s minimum billing rates under its contracts, and may be allowed for up to an average of 40 hours per week.
Continue Reading DoD Issues Class Deviation to Address Contractor Reimbursement for Paid Leave Required to Maintain a Mission-Ready Workforce During the COVID-19 Outbreak Pursuant to Section 3610 of the CARES Act

On January 30, 2020, the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year.  
Continue Reading CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity

At the end of 2019, the Department of Defense (“DoD”) took another step to limit the potential cyber risks posed by telecommunications equipment manufactured by Chinese companies (and potentially Russian
Continue Reading DoD’s Squeeze of Chinese Telecom Equipment Continues

We recently wrote about the FAR Council’s release of an interim rule implementing restrictions on procurements involving certain Chinese telecommunications hardware manufacturers and service providers, such as Huawei and ZTE. The interim rule creates a new FAR Subpart 4.21, as well as two new contract clauses, FAR 52.204-24 and 52.204-25, which were effective August 13, 2019. These restrictions apply not only to prime contractors, but also to all subcontractors and throughout the supply chain. Concurrent with the release of the FAR interim rule, the Department of Defense (“DoD”) issued a memorandum, laying out DoD procedures to implement the prohibitions contained therein. These procedures apply to contracts, task orders, and delivery orders, including basic ordering agreements (BOAs), orders against BOAs, blanket purchase agreements (BPAs), and calls against BPAs.
Continue Reading Effective Last Month! – DoD’s Implementation of New FAR Prohibitions on Chinese Telecommunications Equipment and Services in Government Contracts

There are big changes happening in military healthcare procurement. Some are unsurprising given the October 1, 2019 deadline for the reorganization of all military hospitals and clinics under the management of the Department of Defense (DOD), Defense Health Agency (DHA). But some may be unexpected, reaching all the way to Department of Veterans Affairs (VA) procurement, though the extent to which the VA will ultimately be affected is unclear. In the past few weeks, at least three major announcements were made regarding military healthcare: (1) DHA and the Defense Logistics Agency (DLA) signed a memorandum of agreement (MOA) regarding their respective rolls in DOD healthcare, (2) DLA gave the VA access to its medical/surgical prime vendor formulary indefinitely, and (3) the VA cancelled its long-anticipated prime vendor solicitation under the Medical/Surgical Prime Vendor (MSPV) 2.0 program. Is this all a coincidence? Probably not.
Continue Reading What’s the VA Got to Do With It? Military Medical Procurement Changes Reach the VA

The Government remains intensely focused on how best to protect its Controlled Unclassified Information (CUI) once it is released to contractors. In a shift from its initial approach of “we will take the contractor’s word for it,” the Department of Defense (DoD) announced in June 2019 it is in the process of developing a new cybersecurity certification program for its contractors, which will involve using third party auditors to validate contractor compliance with required security controls. In addition, on June 19, 2019, the National Institute of Standards and Technology (NIST) released two new highly-anticipated draft special publications – NIST SP 800-171, Rev 2 and NIST SP 800-171B – with a tight turnaround time for comments by July 19, 2019.
Continue Reading Cyber Update: DoD Contractor Cybersecurity Certification and 33 New Enhanced Controls to Combat the Advanced Persistent Threat

If you follow professional football, you are familiar with the message generally given to an aspiring player just before he is cut – “Coach wants to see you.  Bring your playbook.”  The playbook, that step-by-step guide to on-the-field success, is something that teams guard zealously.

Not all teams, however, maintain the secrecy of their playbooks, and the U.S. Government is a case in point.  The Government actually publishes its playbook of bargaining techniques recommended for its contract negotiators.  Like the Commandments Moses brought down from Mount Sinai, the Government playbook consists of 10 Rules.  These Rules can be found in Chapter 6 of Volume 5 of the DoD’s Contract Pricing Reference Guides.  The Rules are all reasonable and, in many ways, predictable. Because “Forewarned is forearmed,” here they are –
Continue Reading The Government’s Playbook – Your Guide to Uncle Sam’s Negotiating Techniques