John Chierichella is of counsel in the Governmental Practice in the firm's Washington, D.C. office.

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352.

Our “Cyber-Fitness” series thus far has focused on a contractor’s individual obligations and best practices for compliance with the Federal Acquisition Regulation and Defense FAR Supplement cybersecurity rules. But cybersecurity is not an insular discipline, disconnected from the relationships that contractors have with third parties. The acts and omissions of third parties can compromise information furnished to them as members of a contractor’s supply chain, and those same third parties can also compromise the contractor’s systems.
Continue Reading Achieving Cyber-Fitness In 2017: Part 4—Subcontracts, Joint Ventures And Teaming Agreements

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352.

The Department of Defense final rule for safeguarding covered defense information requires contractors to implement the security controls in National Institute of Standards and Technology Special Publication 800-171 by December 31. See 81 Fed. Reg. 72986; Chierichella, Bourne and Biancuzzo, Feature Comment, “Achieving Cyber-Fitness In 2017: Part 1—Planning For Compliance,” 59 GC ¶ 25. In enacting the final rule, the drafters created “[n]o new oversight paradigm” or certification requirement. 81 Fed. Reg. 72990. More recently, in response to questions from industry on compliance with NIST SP 800-171, DOD stated,

The rule does not require “certification” of any kind, either by DoD or any other firm professing to provide compliance, assessment, or certification services for DoD or Federal contractors. Nor will DoD give any credence to 3rd party assessments or certifications—by signing the contract, the contractor agrees to comply with the terms of the contract. It is up to the contractor to determine that their systems meet the requirements.

Some companies with limited cybersecurity expertise may choose to seek outside assistance in determining how best to meet and implement the NIST SP 800-171 requirements in their company. But, once the company has implemented the requirements, there is no need to have a separate entity assess or certify that the company is compliant with NIST SP 800-171.
Continue Reading Achieving Cyber-Fitness in 2017: Part 3—Proving Compliance and the Role of Third-Party Auditors

On May 11, President Donald Trump issued his long-awaited Executive Order on cybersecurity, the “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” It had been in the works since early in the administration, and its release had been announced (and drafts leaked) several times, only to be pulled back and reworked further. The Executive Order calls for a government-wide review and analysis of federal information technology infrastructure, including known risks and vulnerabilities, as well as consideration of the U.S.’s cybersecurity capabilities in relation to the rest of the world.
Continue Reading Presidential Executive Order on Cybersecurity: No More Antiquated IT

Section 820 of the National Defense Authorization Act for Fiscal Year 2017 (“NDAA”) establishes a new Defense Cost Accounting Standards Board (“D-CASB”) to oversee the application of the Cost Accounting Standards (“CAS”) to defense contracts. The amendments made by Section 820 shall take effect on October 1, 2018.
Continue Reading Defense Contractors to Face New Cost Accounting Oversight with Creation of Defense Cost Accounting Standards Board

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352.

In Part 1, we discussed the cybersecurity requirements applicable to federal contract information under Federal Acquisition Regulation 52.204-21(b)(1) and covered defense information (CDI) under Defense FAR Supplement 252.204-7012, which requires contractor compliance by December 31. See 59 GC ¶ 25. In Part 2, we examine other safeguarding and reporting requirements for unclassified information, including agency-specific regulations, of which Government contractors should be aware. Many of these requirements have been in place for years, and your company may already have plans and processes for compliance. However, it is worth reexamining these requirements and considering the data and systems they affect, as well as how security may be improved when planning for compliance with the DFARS rule by December 31.
Continue Reading Achieving Cyber-Fitness In 2017: Part 2—Looking Beyond The FAR And DFARS—Other Safeguarding And Reporting Requirements

Reprinted from The Government Contractor, with permission of Thomson Reuters. Copyright © 2017. Further use without the permission of West is prohibited. For further information about this publication, please visit http://legalsolutions.thomsonreuters.com, or call 800.328.9352.

It is a new year, which means New Year’s resolutions for roughly 50 percent of Americans. Most vow to lose weight or save more money. For many Government contractors, however, the focus in 2017 is cybersecurity in general, and specifically compliance with the Department of Defense’s final rule for safeguarding covered defense information before the December 31 deadline. See 81 Fed. Reg. 72,986 (effective Oct. 21, 2016).
Continue Reading Achieving Cyber-Fitness In 2017: Part 1—Planning For Compliance

Volume X – Accounting for the Cost of Business Combinations Under Government Contracts

Mergers and acquisitions create additional costs and complex accounting issues for government contractors.  There are fees for accounting, legal, and business consultants.  There may be restructuring costs associated with combining business operations.  Segments may be closed and retirement plans may be terminated.  Golden handcuffs and golden parachutes are also common.  Assets may be revalued, goodwill may be created, and there may be changes in cost accounting practices.
Continue Reading What You Need to Know About Mergers and Acquisitions Involving Government Contractors and Their Suppliers

Volume IX – Unclassified Contracts?  Foreign Buyers Still Make a Difference

Last month, we discussed the extent to which a foreign buyer can introduce an unacceptable level of foreign ownership, control, or influence (“FOCI”) that, absent mitigation, will render the target ineligible for the facility security clearances needed to perform classified work. This month, we look at foreign ownership through a broader lens.  Specifically, we consider how the United States regulates the proposed acquisition of a U.S. business by a foreign interest, irrespective of whether classified contracts and classified information may be involved in the planned transfer.
Continue Reading What You Need to Know About Mergers and Acquisitions Involving Government Contractors and Their Suppliers

Volume VIII – Foreign Buyers Do Make a Difference

Not every potential buyer is a U.S. corporation controlled by U.S. interests.  It is important, both for the buyer and the seller, to understand the implications of foreign ownership, control, or influence (“FOCI”) on the feasibility of a sale to foreign interests and the processes that apply to such sales.  As the title of this posting makes clear, foreign buyers do, in fact, make a difference.
Continue Reading What You Need to Know About Mergers and Acquisitions Involving Government Contractors and Their Suppliers

Volume VII—Investing in Small Businesses

Numerous government contracts programs support small businesses.  There are prime contracts set aside for various categories of small business entities.  Agencies have small business contracting goals and take them very seriously.  Prime contractors often are incentivized, through evaluation factors, to propose significant small business participation.  They can also face liquidated damages for failing to make good faith efforts to comply with their small business subcontracting plans.  These programs promote economic growth by incentivizing investment in small business entities.

The primary obstacle to investing in small businesses, from a government contracts perspective, is that it is quite easy to lose small business size status as the result of a corporate transaction.  The difficulties arise from the doctrine of “affiliation.”
Continue Reading What You Need to Know About Mergers and Acquisitions Involving Government Contractors and Their Suppliers