DoD’s recent efforts to address cybersecurity have caused confusion and chaos for Government contractors. As we all know, cybersecurity is an issue that is impossible to ignore, and the sobering reality is that compliance with federal cybersecurity requirements is critical to avoiding catastrophic liability. Recently, McCarter & English Government Contracts and Export Controls co-leaders Alex
Let Me Clear My Throat: DCAA Course Corrects on “Expressly Unallowable” Costs
Cough…cough…ahem…cough… Any contractor who has had the misfortune of dealing with the Defense Contract Audit Agency (DCAA) likely knows all too well that the agency is the Will Rogers of costs – it never met a cost it didn’t question. Indeed, DCAA auditors typically question costs with reckless abandon and based often on a patent misreading of applicable regulations. The net effect, of course, is that contractors have to expend significant time and money trying to explain to boards and courts why DCAA’s auditors are…uh…incorrect as a matter of fact and law. A recent Memorandum for Regional Directors (MRD) provides some transparency into why this sort of thing happens with unfortunate regularity. Issued on May 14, 2019, the MRD (No. 19-PAC-002(R)), corrects…er…“revises” internal guidance issued in 2014 and 2015 relating to the identification of expressly unallowable costs. The newly issued memo sets out DCAA’s current stance on identifying expressly unallowable costs under the cost principles codified at Federal Acquisition Regulation (FAR) Part 31 and Defense Federal Acquisition Regulation Supplement (DFARS) Part 231. This MRD – like all MRDs – is intended to be used as a tool by well-meaning (but often overzealous) auditors when reviewing a contractor’s compliance with federal cost principles. Contractors should, thus, pay careful attention to this MRD in order to be prepared for questions that may arise during DCAA-led frolics and detours.
Continue Reading
Never Stop Never Stopping: Defense Department Quietly Unveils Proposed Cybersecurity Maturity Model Certification Standards and Confirms the Allowability of Certain Cybersecurity Costs
Cybersecurity. It’s never over, is it? In what can only be described as a “soft” release, the Department of Defense (DoD) has slowly and quietly begun to reveal its intent to provide federal contractors with formal cybersecurity certification as early as next year. The program, known as the Cybersecurity Maturity Model Certification (CMMC), is an effort to streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for forthcoming acquisitions.
Continue Reading
McCarter Partners Franklin Turner and Alex Major Presented on “Effectively Prosecuting Contract Claims Against the Government” at NHOA Business Summit
On May 22nd, Practice Group Co-Leaders Franklin Turner and Alexander Major delivered a presentation on Effectively Prosecuting Contract Claims Against the Government to attendees at the annual Native Hawaiian Organizations Association Business Summit in Honolulu, Hawaii. After the presentation, Franklin and Alex also hosted a legal Q&A session for contractors of all sizes.
New Year, New Rules—Changes Are Coming to the FAR’s Small Business Subcontracting Limits and Nonmanufacturer Rule
On Dec. 4, 2018, the Federal Acquisition Regulatory Council finally released a proposed rule to implement changes to certain small business subcontracting regulations required by the 2013 National Defense Authorization Act (NDAA). 83 Fed. Reg. 62540 (Dec. 4, 2018). This is a welcome, if not long-overdue sign of progress. Over the last half-decade since the
Contractors in the Crosshairs – Weathering the 2019 Government Shutdown
Here we are again. Large swaths of the federal government have been closed since December 22 because Congress and the president cannot agree on legislation to fund the government. Nearly a million federal employees are not receiving their paychecks. Even larger numbers of government contractors are – as is often the case – left squarely at the bottom of the hill, dodging the boulders of political mismanagement that are raining down in a landslide of “stop-work” orders. For example, as has been reported, the Department of Homeland Security’s Federal Emergency Management Agency (FEMA) took affirmative steps to publicize and issue a “blanket” stop-work order on December 26 – the day after Christmas – giving many affected contractors a post-holiday cocktail of uncertainty and dread. Other agencies have followed suit, with the Departments of Justice, Agriculture, Commerce, Housing and Urban Development, Interior, State, Transportation, and Treasury issuing such orders over the past few weeks.
Continue Reading
The Russian Exorcism of US Gov’t Contracts
The Demon: What an excellent day for an exorcism.
Father Karras: You would like that?
The Demon: Intensely.
Honestly, it was challenging finding an all-audiences quote from William Peter Blatty’s “The Exorcist,” but we believe that this quote is exactly what federal contractors need to know. Today is indeed an excellent day for an information system exorcism and, unlike Father Karras, federal contractors know the name of that which they must purge: Kaspersky Lab.
Cyber Threat Intelligence: Make Sure It Means What You Think It Means – Nuix 2018 Black Report: Decoding the Minds of Hackers
Alex Major is a contributing author to the Nuix 2018 Black Report: Decoding the Minds of Hackers, a unique report that engages professional hackers, penetration testers, and incident responders to understand the security threat landscape companies face. Alex, a former intelligence officer, focuses his chapter on why companies need to properly select and structure their
Lurking in the NIST—Why Federal Contractors May Be Misreading Their Cybersecurity Safeguarding Requirements
If your company sells products or services to the U.S. Government, there’s a substantial likelihood that you’ve read or heard the acronym “NIST” in connection with various cybersecurity related obligations that the Government is imposing on contractors with a seemingly unceasing vengeance. NIST refers to the National Institute of Standards and Technology, which is a
GSA Technology Acquisitions: How Cybersecurity Threats and Cloud Services Are Changing the Way the Government Buys Technology from Commercial Companies
During the past few years, discussions in Washington, D.C. have intensified over the battle to modernize the Federal Government’s information technology (IT) systems. In May 2016, Representative Jason Chaffetz—Chairman of the Committee on Oversight and Government Reform in the U.S. House of Representatives—boldly stated that American “[t]axpayers deserve a government that leverages technology to serve