Photo of Ethan Brown

As we reported last month, the Department of Defense (DoD) has been engaging in an unusual rollout of its new cybersecurity certification program by way of  road tours—led by Katie Arrington, the Special Assistant to the Assistant Secretary of Defense for Acquisition and Sustainment for Cyber—that address the tiered, five-level Cybersecurity Maturity Model Certification (CMMC). At bottom, DoD intends for the CMMC to help streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for future acquisitions. What’s unique about the CMMC rollout is the lack of written guidance on the program. DoD representatives have orally provided a majority of publicly available information about CMMC only during various webinars and defense-industry events held over the past couple of months. Indeed, a quick Google search for “CMMC” indicates that, at this time, hard facts about the program appear to be limited to FAQs on a DoD website.

Continue Reading

As federal agencies have exponentially increased the use of “Other Transaction Agreements,” or OTAs, over the past few years, the question of the extent to which OTAs are subject to judicial review has arisen and, fortunately, recently been answered by GAO.  Although GAO will not review an agency’s award decision once it properly elects to utilize an OTA, GAO will examine the transaction to assess whether the agency properly chose to use the OTA instead of a procurement contract. The MD Helicopters decision, B-417379, April 4, 2019, 2019 WL 1505296, is GAO’s most recent decision on the subject.  With this in mind, federal contractors considering OTAs as a procurement vehicle should take note of GAO’s limited scope of review regarding such agreements and tread carefully.

Continue Reading