On March 11, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Office of Management and Budget (“OMB”) released the highly-anticipated Secure Software Development Attestation Form (also known as the “Common Form”) and on March 18, 2024 CISA’s repository for the forms went live.Continue Reading CISA Opens Repository for Submission of Software Security Attestation Forms

In addition to prohibiting the flow-down of non-mandatory FAR/DFARS clauses (which we talk about here), the Department of Defense (“DOD”) Final Rule in connection with the Defense Federal Acquisition Regulation Supplement (“DFARS”) Case 2017-D010 also touched on the decades-long debate as to which entities actually are subcontractors performing under a Federal prime contract. Yes, you read that correctly – there is no single definition for the terms “subcontract” or “subcontractor.” After almost 40 years of confusion, it appears the DFARS and Federal Acquisition Regulation (“FAR”) Councils are trying to end the debate once and for all.Continue Reading New Year, (Potentially) New Definition for “Subcontract”

On November 17, 2023, the Department of Defense (“DOD”) published a Final Ruleover five years in the making – addressing DOD policies regarding the applicability of laws to commercial products, commercial services, and commercially available off-the-shelf (“COTS”) products (DFARS Case 2017-D010). Partially implementing Section 874 of the Fiscal Year 2017 National Defense Authorization Act, DOD has imposed new regulations that expressly prohibit Contracting Officers (“CO”) and prime contractors alike from incorporating regulatory requirements of the Federal Acquisition Regulation (“FAR”) and the Defense Federal Acquisition Regulation Supplement (“DFARS”) in prime contracts and subcontracts unless mandated by regulatory text.Continue Reading It’s the Most Wonderful Time for New DOD Flow Down Policies: Flowing Down Too Many Clauses Will Get Prime Contractors More Than a Lump of Coal

The Cybersecurity and Infrastructure Security Agency (“CISA”) recently revised its Secure Software Development Attestation Common Form (after receiving over 110 comments on the initial draft), and is seeking additional comments through December 18, 2023. This is an important opportunity for software producers (and others) to provide input that will help shape the future of software supply chain regulations. At a time when the federal government is struggling to harmonize myriad rules on cybersecurity and supply chain, recommendations from industry will be key.Continue Reading Update: CISA Seeks Additional Input from Software Providers on Security Attestation Form

On October 5, 2023, the FAR Council released an Interim Rule on “Implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders.” The Interim Rule implements requirements from Section 202 of the Federal Acquisition Supply Chain Security Act of 2018 (“FASCSA”), which will require contractors to ensure certain products and services are excluded from the U.S. Government supply chain as directed by the Federal Acquisition Security Council (“FASC”). The Interim Rule becomes effective 60 days after publication, requiring new FAR clauses to be incorporated into all solicitations and contracts (including orders and modifications) issued after December 4, 2023.Continue Reading Interim Rule Effective in December Establishes Requirements for Contractors to Remove Identified Products and Services from the U.S. Government Supply Chain

On August 23, 2023, the White House’s Office of Management and Budget (“OMB”) issued its notification of final guidance implementing Title IX of the Infrastructure Investment and Jobs Act (“IIJA”) – the Build America, Buy America (“BABA”) Act. The Guidance amends Title 2 of the Code of Federal Regulations, by adding a new Part 184 and a new provision to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards at 2 C.F.R. Part 200 (the “Uniform Guidance”). The publication provides key clarifications arising from industry input after releasing the Proposed Rule back in February (and discussed previously here). These clarifications proffer what is perhaps the most comprehensive set of guidance of which we are aware in the world of domestic content preferences and country of origin requirements, and borrow significantly from current regimes (e.g., the Buy American Act (“BAA”)). Because we already covered the primary requirements of the OMB’s proposed Guidance, and the Final Rule does not deviate significantly from the original guidance, we focus instead on our top 10 takeaways and lingering questions for compliance.Continue Reading Top 10 Takeaways from OMB’s “Build America, Buy America” Guidance for Infrastructure Projects

On March 1, 2023, the U.S. Department of Defense (“DoD”) adopted, without change, Defense Federal Acquisition Regulation Supplement (“DFARS”) Case No. 2022-D010, Employment Transparency Regarding Individuals Who Perform Work in the People’s Republic of China (88 Fed. Reg. 12861), updating provisions at DFARS 225.7021 and adding contract clauses at 252.225-7057 and 252.225-7058. This latest DFARS rule reflects a shifting regulatory landscape aimed at increasing transparency and oversight of U.S. transactions involving China.Continue Reading Continuing Skepticism on China: Final Rule Requires Disclosure of Defense Contractor Personnel in China

Coinciding nicely with the discussion of “Buy America” priorities at the February 7, 2023 State of the Union address, on February 9, 2023 the White House’s Office of Management and Budget (“OMB”) issued a proposed rule to implement Title IX of the Infrastructure Investment and Jobs Act (“IIJA”) – the Build America, Buy America (“BABA”) Act. See 88 Fed. Reg. 8374. The new Proposed Rule would amend OMB’s Guidance for Grants and Agreements to support federal agencies implementing the BABA requirements. In short, OMB is proposing to add a new Part 184 to Title 2 of the Code of Federal Regulations (“C.F.R.”), as well as clarifying language to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards at 2 C.F.R. Part 200 (the “Uniform Guidance”), that address Congress’ “Buy America” mandate involving iron, steel, manufactured products, and construction materials used in federally-funded infrastructure projects. Though this new Proposed Rule does not provide perfect clarity reconciling all “Buy America” requirements, the Proposed Rule is an important piece of the puzzle that companies performing infrastructure work must understand. OMB is accepting comments on the proposed rule through March 13, 2023.Continue Reading Another Piece to the Puzzle: OMB Issues Proposed Guidance on “Build America, Buy America” Requirements

Effective August 25, 2022, the U.S. Department of Defense (“DoD”) has issued two new changes to the Defense Federal Acquisition Regulation Supplement (“DFARS”) reinforcing national defense priorities that limit DoD

Continue Reading In the Interest of National Security – Two New DFARS Rules Reinforce Increased Scrutiny For Chinese-Origin Supply Chains

Updated as of May 24, 2022

The United States is engaging in a new form of warfare. Russia invaded Ukraine just over two months ago and, rather than join the fight directly by sending troops to defend Ukraine, the United States is fighting indirectly by engaging in unprecedented financial warfare against the Russian Federation. The initial export and sanctions actions were swift and severe – but somewhat expected. As the invasion persists, the U.S. Federal Government and individual States also have begun to leverage procurement policy to amplify the financial harm to Russia. This Guide will try to help make sense of the current efforts targeting Russia, the potential impact to government contractors, and proactive steps to mitigate risk.Continue Reading The Government Contractor’s Guide to (Not) Doing Business with Russia