On October 3, 2023, the FAR Council released two long-awaited proposed rules for federal contractor cybersecurity stemming from the Biden Administration’s Cybersecurity Executive Order from May 2021 (Executive Order 14028). The proposed rules relate to Cyber Threat and Incident Reporting and Information Sharing (FAR Case 2021-017) and Standardizing Cybersecurity Requirements for Unclassified Federal Information Systems (FAR Case 2021-019). The comment period for both rules is currently open and is scheduled to close on December 4, 2023.
Continue Reading Two New Cybersecurity Proposed Rules Mean Big Changes for Federal Contractors
Last month, we began our three-part series on organizational conflicts of interests (“OCIs”) with an article discussing the different types of OCIs and how they can be mitigated. Now, in Part 2 of our series, we analyze how OCIs arise in bid protests. First, we explain how the Government Accountability Office (“GAO”) and the Court of Federal Claims (“COFC”) review OCI protests. Then, we examine scenarios where OCI protests have been sustained, followed by a synopsis of OCI protest grounds that (almost) always will be denied. Finally, we conclude with a summary of key points to consider when faced with an OCI issue that arises during a bid protest.
Continue Reading Organizational Conflicts of Interests – Part 2: OCIs in Bid Protests
You might be wondering, “What’s so important about Organizational Conflicts of Interest (“OCIs”)?” The answer is fairly simple: understanding both what causes OCIs and how to mitigate them is critical because unmitigated OCIs can preclude a contractor from (1) competing for future contract work, (2) performing certain tasks under existing contracts, (3) transferring personnel between company organizations, (4) hiring personnel, (5) teaming with certain vendors, and/or (6) entering into certain corporate transactions. Moreover, undisclosed or unmitigated OCIs can create risk of liability under the False Claims Act. In this Part 1 of a three-part series, we offer a summary of what creates OCIs and general mitigation strategies. In Part 2, we will detail how OCIs arise in protests, and in Part 3, we will address the risks of False Claims Act liability arising from undisclosed OCIs.
Continue Reading Organizational Conflicts of Interest – Part 1: A Refresher on OCIs
As called for in the May 12, 2021 Cybersecurity Executive Order (“EO”) released by the Biden Administration (discussed here), NIST met its deadline to release a definition of “critical software” within 45 days of the date of the Order. The determination of what constitutes “critical software” is a key step in the process set forth in the Order for securing the software supply chain, which will culminate sometime next year in new Federal Acquisition Regulations for contractors that supply software.
Continue Reading Right on Time – NIST Releases Definition of “Critical Software” Per Biden’s Cybersecurity Executive Order
On July 14, 2020 the Department of Defense (“DoD”), General Services Administration (“GSA”), and the National Aeronautics and Space Administration (“NASA”) published an Interim Rule amending the Federal Acquisition Regulation (“FAR”) in order to implement Section 889(a)(1)(B) of the FY 2019 National Defense Authorization Act (“NDAA”). The Interim Rule is effective August 13, 2020, and applies to all solicitations issued after (or resulting in contracts that will be awarded after) the effective date. Interested parties have until September 14, 2020 to submit written comments for consideration in the formation of the Final Rule.
Continue Reading Interim Rule Confirms Section 889 Part B Restriction on Contractor Use of Chinese Telecom Will Go Into Effect August 2020
A lot has happened since the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (CMMC) v. 1.0 back in February (see our prior discussion here). In addition to developments with the CMMC Accreditation Body (“CMMC AB”), DOD has clarified the applicability of the program to commercially available off-the-shelf (“COTS”) providers and the impact of COVID-19 on program implementation.
Continue Reading DOD CMMC Update – Third Party Auditors Gear Up and COTS Providers Get a Pass
On January 30, 2020, the Department of Defense (“DOD”) released its Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year. …
Continue Reading CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity
On January 7, 2020, the National Aeronautics and Space Administration (“NASA”) published a proposed rule seeking to amend the NASA Federal Regulation Supplement regarding counterfeit electronic parts. The proposed rule…
Continue Reading Let the Seller Beware – NASA’s Proposed Rule Seeks to Limit the Presence of Counterfeit Electronic Parts
As you probably know, we have been following very closely developments relating to Section 889 of the 2019 National Defense Authorization Act (NDAA), which prohibits executive agencies from purchasing restricted…
Continue Reading The True Impact of the Chinese Telecom Ban on Government Contractors
On September 9, 2019, the U.S. General Services Administration (“GSA”) announced it would be issuing a mass modification (expected sometime this month) requiring all new and existing GSA Multiple Award Schedule (“MAS”) contracts to include two new clauses. The new clauses come in response to Section 889 of the FY2019 National Defense Authorization Act (“NDAA”), and recently implemented FAR provisions, which impose prohibitions relating to the procurement of certain Chinese telecommunications equipment and services (which we have previously discussed here and here). The two clauses to be added to all MAS contracts are:
- FAR 52.204-25, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2019)
- GSAR 552.204-70, Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (Aug 2019)
We recently wrote about the FAR Council’s release of an interim rule implementing restrictions on procurements involving certain Chinese telecommunications hardware manufacturers and service providers, such as Huawei and ZTE. The interim rule creates a new FAR Subpart 4.21, as well as two new contract clauses, FAR 52.204-24 and 52.204-25, which were effective August 13, 2019. These restrictions apply not only to prime contractors, but also to all subcontractors and throughout the supply chain. Concurrent with the release of the FAR interim rule, the Department of Defense (“DoD”) issued a memorandum, laying out DoD procedures to implement the prohibitions contained therein. These procedures apply to contracts, task orders, and delivery orders, including basic ordering agreements (BOAs), orders against BOAs, blanket purchase agreements (BPAs), and calls against BPAs.
Continue Reading Effective Last Month! – DoD’s Implementation of New FAR Prohibitions on Chinese Telecommunications Equipment and Services in Government Contracts