There’s an often mistranslated Taoist adage that counsels “A journey of a thousand miles begins with a single step.” So it is presently with the Department of Defense’s (DoD’s) Cybersecurity Maturity Model Certification (CMMC), which continues its cybersecurity journey with the recently released update of standard CMMC .6.
Continue Reading
Integrating Cybersecurity Into M&A Compliance Reviews: Avoiding Hidden Cyber Risks in the Acquisition of Government Contractors
So you want to acquire a government contractor? Makes sense, and you’re not alone. Over the past few years, the federal contracting landscape continues to evolve as a result of mergers and acquisitions (M&A), primarily involving the acquisition of small and midsize contractors by larger entities as a means to quickly expand into new federal markets. This trend is especially prevalent in the information technology (IT) market, where the acquisition of small or midsize IT firms with new capabilities can provide larger firms with shiny new toys to share with their roster of government clients to gain a larger share of the federal IT “pie,” if not create—almost overnight—new IT market leaders in areas such as cloud computing, cybersecurity, software, and predictive intelligence.
Guerrillas of the NIST: DOD Re-Attacks Supply Chain and Contractor Cybersecurity (Part II)
As DOD continues to expand its supply chain cybersecurity demands on federal contractors, McCarter & English Government Contracts and Export Controls co-leaders Alex Major and Franklin Turner provide critical guidance for federal contractors in a two-part Feature Comment for Thomson Reuters’ The Government Contractor. In the comprehensive article they address not only the recent and
Guerrillas of the NIST: DOD Re-attacks Supply Chain and Contractor Cybersecurity (Part 1) – The Government Contractor
DoD’s recent efforts to address cybersecurity have caused confusion and chaos for Government contractors. As we all know, cybersecurity is an issue that is impossible to ignore, and the sobering reality is that compliance with federal cybersecurity requirements is critical to avoiding catastrophic liability. Recently, McCarter & English Government Contracts and Export Controls co-leaders Alex
Let Me Clear My Throat: DCAA Course Corrects on “Expressly Unallowable” Costs
Cough…cough…ahem…cough… Any contractor who has had the misfortune of dealing with the Defense Contract Audit Agency (DCAA) likely knows all too well that the agency is the Will Rogers of costs – it never met a cost it didn’t question. Indeed, DCAA auditors typically question costs with reckless abandon and based often on a patent misreading of applicable regulations. The net effect, of course, is that contractors have to expend significant time and money trying to explain to boards and courts why DCAA’s auditors are…uh…incorrect as a matter of fact and law. A recent Memorandum for Regional Directors (MRD) provides some transparency into why this sort of thing happens with unfortunate regularity. Issued on May 14, 2019, the MRD (No. 19-PAC-002(R)), corrects…er…“revises” internal guidance issued in 2014 and 2015 relating to the identification of expressly unallowable costs. The newly issued memo sets out DCAA’s current stance on identifying expressly unallowable costs under the cost principles codified at Federal Acquisition Regulation (FAR) Part 31 and Defense Federal Acquisition Regulation Supplement (DFARS) Part 231. This MRD – like all MRDs – is intended to be used as a tool by well-meaning (but often overzealous) auditors when reviewing a contractor’s compliance with federal cost principles. Contractors should, thus, pay careful attention to this MRD in order to be prepared for questions that may arise during DCAA-led frolics and detours.
Continue Reading
Never Stop Never Stopping: Defense Department Quietly Unveils Proposed Cybersecurity Maturity Model Certification Standards and Confirms the Allowability of Certain Cybersecurity Costs
Cybersecurity. It’s never over, is it? In what can only be described as a “soft” release, the Department of Defense (DoD) has slowly and quietly begun to reveal its intent to provide federal contractors with formal cybersecurity certification as early as next year. The program, known as the Cybersecurity Maturity Model Certification (CMMC), is an effort to streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for forthcoming acquisitions.
Continue Reading
McCarter Partners Franklin Turner and Alex Major Presented on “Effectively Prosecuting Contract Claims Against the Government” at NHOA Business Summit
On May 22nd, Practice Group Co-Leaders Franklin Turner and Alexander Major delivered a presentation on Effectively Prosecuting Contract Claims Against the Government to attendees at the annual Native Hawaiian Organizations Association Business Summit in Honolulu, Hawaii. After the presentation, Franklin and Alex also hosted a legal Q&A session for contractors of all sizes.
New Year, New Rules—Changes Are Coming to the FAR’s Small Business Subcontracting Limits and Nonmanufacturer Rule
On Dec. 4, 2018, the Federal Acquisition Regulatory Council finally released a proposed rule to implement changes to certain small business subcontracting regulations required by the 2013 National Defense Authorization Act (NDAA). 83 Fed. Reg. 62540 (Dec. 4, 2018). This is a welcome, if not long-overdue sign of progress. Over the last half-decade since the
Contractors in the Crosshairs – Weathering the 2019 Government Shutdown
Here we are again. Large swaths of the federal government have been closed since December 22 because Congress and the president cannot agree on legislation to fund the government. Nearly a million federal employees are not receiving their paychecks. Even larger numbers of government contractors are – as is often the case – left squarely at the bottom of the hill, dodging the boulders of political mismanagement that are raining down in a landslide of “stop-work” orders. For example, as has been reported, the Department of Homeland Security’s Federal Emergency Management Agency (FEMA) took affirmative steps to publicize and issue a “blanket” stop-work order on December 26 – the day after Christmas – giving many affected contractors a post-holiday cocktail of uncertainty and dread. Other agencies have followed suit, with the Departments of Justice, Agriculture, Commerce, Housing and Urban Development, Interior, State, Transportation, and Treasury issuing such orders over the past few weeks.
Continue Reading
The Russian Exorcism of US Gov’t Contracts
The Demon: What an excellent day for an exorcism.
Father Karras: You would like that?
The Demon: Intensely.
Honestly, it was challenging finding an all-audiences quote from William Peter Blatty’s “The Exorcist,” but we believe that this quote is exactly what federal contractors need to know. Today is indeed an excellent day for an information system exorcism and, unlike Father Karras, federal contractors know the name of that which they must purge: Kaspersky Lab.