In Part I of this series we introduced readers to what Controlled Unclassified Information (CUI) is understood to consist of under the CUI Program at 32 CFR pt. 2002, differentiating and safeguarding CUI, CUI Program Authority and Control, and CUI policy as promulgated under the U.S. Department of Defense CUI Program. (See 66 GC ¶
Government Contracts Regulatory Compliance
Feature Comment: The CUI Program: DOD, We Have a Problem
The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) Program will become operational at some point in fiscal year 2025. In October, the DOD issued a Final Rule to address evolving cybersecurity requirements and cyber threats while defining the security controls that DOD intends defense contractors and subcontractors to implement. The program will require…
Surviving And Thriving In The Small Business Administration’s 8(a) Program: Maximizing Opportunities For NHOs, ANCs, and Tribes
Alex Major, Franklin Turner, Philip Lee, and Marcos Gonzalez co-authored the article “Surviving And Thriving In The Small Business Administration’s 8(a) Program: Maximizing Opportunities For NHOs, ANCs, And Tribes” for Briefing Papers. The article provides an overview of the Small Business Administration’s 8(a) Business Development Program, which provides socially and economically disadvantaged small business owners…
A Standard on Many Levels: A Look at CMMC 2.0 in Final
Over the course of the past few years, gallons of ink have been spilled addressing the seemingly ever-pending US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program. After keeping us waiting for years, it finally arrived when, on October 15, 2024, DoD published its Final Rule to establish the CMMC Program. See 89 Fed. Reg. 83092 (Oct. 15, 2024). Effective December 16, 2024, the Rule will require certain defense contractors to have implemented security measures to achieve a particular CMMC level necessary to safeguard Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as a condition of contract award. Codified at 34 C.F.R. Part 170, the CMMC Program will be augmented by a separate proposed acquisition rule to add a new 48 C.F.R. Part 204, amending the Defense Federal Acquisition Regulation Supplement (DFARS) to address procurement considerations related to the CMMC Program, including allowing DoD to require a specific CMMC level in a solicitation or contract. See 89 Fed. Reg. 66327 (Aug. 15, 2024) or our analyses here and here. The date when that DFARS clause will become final is still unclear, but most suspect it will be soon.Continue Reading A Standard on Many Levels: A Look at CMMC 2.0 in Final
Department of Labor Issues New Guidance on the Use of Artificial Intelligence and Employment Decision-Making
On April 29, 2024, the Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) released guidance to federal contractors regarding the use of artificial intelligence (AI) in their employment practices. See https://www.dol.gov/agencies/ofccp/ai/ai-eeo-guide. The guidance reminds federal contractors of their existing legal obligations, the potentially harmful effects of AI on employment decisions if used improperly, and best practices. Arriving early, the guidance puts contractors on notice of their responsibilities when using AI in their employment decisions.Continue Reading Department of Labor Issues New Guidance on the Use of Artificial Intelligence and Employment Decision-Making
TikTok Dances Off of Contractor IT Devices—Interim Rule Prohibits ByteDance Limited Applications
On June 2, 2023, the FAR Council issued an Interim Rule to implement the prohibition on having or using TikTok or any successor application or service developed or provided by ByteDance Limited (covered application). Importantly, the prohibition applies not only to Government-issued devices but encompasses contractor and contractor employee-owned devices (e.g., employee devices used as part of a bring-your-own-device program) as well. The Interim Rule took immediate effect and requires new FAR clause FAR 52.204-27, Prohibition on a ByteDance Covered Application, to be included in solicitations issued on or after June 2, 2023. In addition, solicitations issued before the effective date were required to be amended by July 3, 2023, provided that award of the resulting contract(s) occurs on or after the effective date. Existing indefinite-delivery, indefinite-quantity contracts were required to be modified to include the new clause by July 3, 2023, to apply to future orders. Finally, if exercising an option or modifying an existing contract to extend the period of performance, contracting officers must include the clause. In short, this clause will soon be in most if not all Federal government contracts. Contractors should take action now to ensure that they are prepared to comply with these requirements and that employees are familiar with and trained regarding the prohibition.Continue Reading TikTok Dances Off of Contractor IT Devices—Interim Rule Prohibits ByteDance Limited Applications
Ostensible Clarity: SBA Rule Addresses Ostensible Subcontractor Rule in General Construction Contracts and DoverStaffing Factors
In a previous post, we mentioned the April 27, 2023 Small Business Administration (SBA) Final Rule, which made a number of revisions to the Small Business Regulations. A few of those revisions relate to the Ostensible Subcontractor Rule, a topic that has confused contractors for years. The Final Rule seeks to clear up that confusion, or at least some of it. Specifically, the Final Rule revises 13 CFR 121.103(h) to (1) clarify how the Ostensible Subcontractor Rule applies to general construction contracts and (2) provide guidance on the utilization of the DoverStaffing factors in determining whether a subcontractor is an “ostensible subcontractor.”Continue Reading Ostensible Clarity: SBA Rule Addresses Ostensible Subcontractor Rule in General Construction Contracts and DoverStaffing Factors
Bueller … Bueller …Bueller: The FAR Council’s Day(s) Off Come to an End with the Long Awaited Implementation of the SBA’s 2016 Revisions to the Limitations on Subcontracting Rule – The Government Contractor
The Federal Acquisition Regulation (FAR) Council has returned from an extended vacation to publish a final rule to align the FAR with similar subcontracting regulations implemented by the Small Business Administration more than a half decade ago. McCarter & English Government Contracts and Global Trade co-leaders Franklin Turner and Alex Major and Senior Associates Cara…
Keep American Businesses Workin’ 9 to 5—Bipartisan Changes to Buy American Requirements in Federal Procurement – The Government Contractor
Federal government contract domestic preference requirements are set for significant changes. McCarter & English Government Contracts and Global Trade co-leaders Franklin Turner and Alex Major and Senior Associate Cara Wulf provide guidance for federal contractors in a Feature Comment for Thomson Reuters’ The Government Contractor. In the comprehensive article, the authors review the current regulatory…
2020 False Claims Act Recoveries Were Down by One-Third in 2020. . . and That’s Bad News for Federal Contractors
On January 14, 2021, the Department of Justice released its updated statistics for False Claims Act (FCA) recoveries in FY 2020. The Civil Division reported that it recovered $2.2 billion in settlements and judgments in the previous fiscal year—down nearly $900 million from FY 2019, and off nearly two-thirds from the government’s high-watermark collections of $6.1 billion in FY 2014. Although $2.2 billion in net FCA recoveries represents DOJ’s lowest FCA haul in a decade, it is still a remarkable figure considering court closures and pandemic-slowed dockets across the country over the past eleven months.
Continue Reading 2020 False Claims Act Recoveries Were Down by One-Third in 2020. . . and That’s Bad News for Federal Contractors