On Dec. 4, 2018, the Federal Acquisition Regulatory Council finally released a proposed rule to implement changes to certain small business subcontracting regulations required by the 2013 National Defense Authorization Act (NDAA). 83 Fed. Reg. 62540 (Dec. 4, 2018). This is a welcome, if not long-overdue sign of progress. Over the last half-decade since the
Contractors in the Crosshairs – Weathering the 2019 Government Shutdown
Here we are again. Large swaths of the federal government have been closed since December 22 because Congress and the president cannot agree on legislation to fund the government. Nearly a million federal employees are not receiving their paychecks. Even larger numbers of government contractors are – as is often the case – left squarely at the bottom of the hill, dodging the boulders of political mismanagement that are raining down in a landslide of “stop-work” orders. For example, as has been reported, the Department of Homeland Security’s Federal Emergency Management Agency (FEMA) took affirmative steps to publicize and issue a “blanket” stop-work order on December 26 – the day after Christmas – giving many affected contractors a post-holiday cocktail of uncertainty and dread. Other agencies have followed suit, with the Departments of Justice, Agriculture, Commerce, Housing and Urban Development, Interior, State, Transportation, and Treasury issuing such orders over the past few weeks.
Continue Reading Contractors in the Crosshairs – Weathering the 2019 Government Shutdown
The Russian Exorcism of US Gov’t Contracts
The Demon: What an excellent day for an exorcism.
Father Karras: You would like that?
The Demon: Intensely.
Honestly, it was challenging finding an all-audiences quote from William Peter Blatty’s “The Exorcist,” but we believe that this quote is exactly what federal contractors need to know. Today is indeed an excellent day for an information system exorcism and, unlike Father Karras, federal contractors know the name of that which they must purge: Kaspersky Lab.Continue Reading The Russian Exorcism of US Gov’t Contracts
Cyber Threat Intelligence: Make Sure It Means What You Think It Means – Nuix 2018 Black Report: Decoding the Minds of Hackers
Alex Major is a contributing author to the Nuix 2018 Black Report: Decoding the Minds of Hackers, a unique report that engages professional hackers, penetration testers, and incident responders to understand the security threat landscape companies face. Alex, a former intelligence officer, focuses his chapter on why companies need to properly select and structure their
Lurking in the NIST—Why Federal Contractors May Be Misreading Their Cybersecurity Safeguarding Requirements
If your company sells products or services to the U.S. Government, there’s a substantial likelihood that you’ve read or heard the acronym “NIST” in connection with various cybersecurity related obligations that the Government is imposing on contractors with a seemingly unceasing vengeance. NIST refers to the National Institute of Standards and Technology, which is a
GSA Technology Acquisitions: How Cybersecurity Threats and Cloud Services Are Changing the Way the Government Buys Technology from Commercial Companies
During the past few years, discussions in Washington, D.C. have intensified over the battle to modernize the Federal Government’s information technology (IT) systems. In May 2016, Representative Jason Chaffetz—Chairman of the Committee on Oversight and Government Reform in the U.S. House of Representatives—boldly stated that American “[t]axpayers deserve a government that leverages technology to serve
The Buy American–Hire American Executive Order: There Will Be Devils in the Details When Buying American
Following up on his repeated promises that the government will buy American and hire American, President Trump signed a Presidential Executive Order on Buy American and Hire American (the “Order”) on Tuesday, April 18, 2017, directing executive agencies to enhance acquisition preferences for domestic products and labor under federal contracts and federal grants. Federal contractors should note that the Order serves only as a blueprint for the administration’s intentions and imposes no immediate requirements. Those will follow — but in what form and to what degree, we can only guess. Contractors should prepare for those changes and be assured that – with respect to the Order’s impact on supply chains and contractor purchasing systems – the devil will indeed be in the details.
Continue Reading The Buy American–Hire American Executive Order: There Will Be Devils in the Details When Buying American
Your Biggest Cybersecurity Threat: Failing to Plan
It’s surprising how often the simplest phrases can provide the most salient advice. The 6 P’s,for example: Proper prior planning prevents poor performance. While the phrase may be a bit of a tortured alliteration, the truth and simplicity of its sentiment can’t be denied: When you want a good outcome, you have to think it through. Simple.
Continue Reading Your Biggest Cybersecurity Threat: Failing to Plan
Switches and Sweets: Belsnickel Brings Defense Contractors and Subcontractors New Cybersecurity Controls in Preholiday Revisions of NIST Cybersecurity Publication
If you are aware of German Christmas folklore (and really, who isn’t?), you know that Belsnickel is a legendary companion of St. Nick who carries a switch with which to punish naughty children and a pocketful of sweets to reward good ones. This holiday season, many are feeling the sting of a switch of another kind, this one involving the December 20, 2016, issuing by the National Institute of Standards and Technology (NIST) of a preholiday revision of Special Publication 800-171 (SP 800-171), Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations. If SP 800-171 sounds familiar, it is because the publication is the source of the cybersecurity controls that defense contractors must follow and flow down to subcontractors pursuant to DFARS Subpart 204.73 and its operative clauses (e.g., DFARS 252.204-7008 and DFARS 252.204-7012). Essentially accompanying St. Nick (perhaps Santa Clause may be more appropriate) this season, the NIST’s revised publication may resemble Belsnickel’s switch (pun intended) to contractors who already have existing SP 800-171 controls in place (as the controls have been required, in various forms, since November 2013) or who have started down the road toward SP 800-171 adherence in advance of the DFARS-directed December 2017 deadline. With that in mind, let’s take a quick look at the implications that switch (pun still intended) brings to the security requirements for protecting the confidentiality of CUI in nonfederal systems and organizations:
Continue Reading Switches and Sweets: Belsnickel Brings Defense Contractors and Subcontractors New Cybersecurity Controls in Preholiday Revisions of NIST Cybersecurity Publication
Government Contractors Should Not Fear Contract Termination Over Twitter #ComplicatedRegulations #CostlyTerminationProvisions
Carrier. UTC. Boeing. Swamp-draining rhetoric. While many ponder what America can expect from the next administration, one thing is clear – it appears to have its eyes on government contractors. However, it is important for those eyes to study the volumes of acquisition regulations under which the government is required to operate when contracting with commercial companies. Accordingly, we thought it would be helpful to describe – through a series of explanations of 140 or fewer characters – why recent tweets about Boeing’s Air Force One contract do not reflect the current state of government contracts law and, in particular, the provisions governing termination of contracts.
Continue Reading Government Contractors Should Not Fear Contract Termination Over Twitter #ComplicatedRegulations #CostlyTerminationProvisions