Uncategorized

On December 12, 2017, President Trump signed the $700 billion 2018 National Defense Authorization Act (“NDAA”) into law. Following negotiations between the House and Senate Armed Services Committees, the NDAA includes new provisions relating to software acquisition within Title VIII — Acquisition Policy, Acquisition Management, and Related Matters, Subtitle H, and the following five sections:

SEC. 871. Noncommercial Computer Software Acquisition Considerations.

SEC. 872. Defense Innovation Board Analysis of Software Acquisition Regulations.

SEC. 873. Pilot Program to Use Agile or Iterative Development Methods to Tailor Major Software-Intensive Warfighting Systems and Defense Business Systems.

SEC. 874. Software Development Pilot Program Using Agile Best Practices.

SEC. 875. Pilot Program for Open Source Software.

Continue Reading National Defense Authorization Act FY 2018: Directions in Federal Software Acquisitions

If your company sells products or services to the U.S. Government, there’s a substantial likelihood that you’ve read or heard the acronym “NIST” in connection with various cybersecurity related obligations that the Government is imposing on contractors with a seemingly unceasing vengeance. NIST refers to the National Institute of Standards and Technology, which is a

During the past few years, discussions in Washington, D.C. have intensified over the battle to modernize the Federal Government’s information technology (IT) systems. In May 2016, Representative Jason Chaffetz—Chairman of the Committee on Oversight and Government Reform in the U.S. House of Representatives—boldly stated that American “[t]axpayers deserve a government that leverages technology to serve

This article focuses on contractor licenses that grant “Restricted Rights” in “Noncommercial Software” to the federal Government under Defense Federal Acquisition Regulation Supplement (“DFARS”) 252.227-7014.  DFARS 252.227-7014 only applies to “Noncommercial Computer Software,” meaning software that is licensed to or developed for the Government, but that is not also licensed to the public.  In contrast to the commercial world, where software licensors generally set the terms under which they wish to license their products, DFARS 252.227-7014 dictates such terms, and codifies required license grants for software developed for the U.S. Department of Defense (“DoD”).  Under DFARS 252.227-7014, even if a licensor develops Noncommercial Software at private expense, the licensor must at least grant Restricted Rights to the Government — although title and ownership of the software always remain with the contractor licensor.
Continue Reading Restricted Rights Under DFARS 252.227-7014: Practitioner Advice for Avoiding DoD Licensing Pitfalls

Contractor past performance evaluations are important factors in source selection decisions under Parts 8 and 15 of the Federal Acquisition Regulation (“FAR”), and they can easily make or break a contractor’s federal customer base. Especially vulnerable are contractors competing in Lowest Price Technically Acceptable (“LPTA”) procurements, where a bad past performance rating can make contractors ineligible due to an “unacceptable” technical rating even though they may offer the lowest price. The submission by Government contracting officials of a contractor’s performance evaluation to the Contractor Performance Assessment Reporting System (“CPARS”) is required in most instances; however, the contractor’s remedies for correcting poor performance evaluations due to mistakes and material omissions by the evaluator are limited in both time and scope. And as the DoD’s Inspector General (“IG”) has repeatedly pointed out, most recently in its May 9, 2017 report, Summary of Audits on Assessing Contractor Performance (noting a large percentage of DoD performance assessment reports are late and not prepared correctly and accurately), mistakes often happen. Contractors looking to sustain their business in the federal marketplace need to be properly armed with the weapons available to challenge poor performance evaluations when the agency gets it wrong.
Continue Reading Sparring with CPARS: Some Tips on Avoiding and Curing Bad Past Performance Evaluations That Can Haunt and Jeopardize a Government Contractor’s Business for Years

On April 18, 2017, at the headquarters of Snap-On Incorporated, a Wisconsin-based manufacturer, Donald J. Trump signed an Executive Order titled “Buy American, Hire American”. The Hire American portion, explained in all of two paragraphs in Section 5, requires the Attorney General and Secretaries of State, Labor, and Homeland Security to “consistent with applicable law, propose new rules and issue new guidance, to supersede or revise previous rules and guidance if appropriate, to protect the interests of United States workers in the administration of our immigration system”. The second paragraph is a bit more specific inasmuch as it states that these folks ought to “suggest reforms to help ensure that H-1B visas are awarded to the most-skilled or highest-paid petition beneficiaries.” Among those in attendance were likely Snap-On’s H-1B employees, since the company is a perennial petitioner for H-1B workers at its Kenosha, Wisconsin location.[1]
Continue Reading Buy and Hire American, to the Extent Possible – Federal Publications Seminars

It’s surprising how often the simplest phrases can provide the most salient advice. The 6 P’s, for example: Proper prior planning prevents poor performance. While the phrase may be a bit of a tortured alliteration, the truth and simplicity of its sentiment can’t be denied: When you want a good outcome, you have to think it through. Simple.
Continue Reading Your Biggest Cybersecurity Threat: Failing to Plan

One common complaint we hear from our subcontractor clients is “HOW CAN WE GET PAID????” Our experience has shown that whether through inadvertence, lack of subcontract management resources – or even as a predatory business strategy – some prime contractors will dance, dither and delay upon receipt of requests for payment by their subs for work performed, services rendered and/or products delivered. This can be particularly onerous for small business subcontractors whose payroll and other obligations depend upon prompt payment by their customers. Subs are put in an untenable position. Should they stop work and risk breach of contract? Should they threaten to sue and risk breaching the relationship? New changes to the FAR now impose mandatory reporting obligations on primes should they fail to make timely and full payments to their small business subs. Chronic and unjustified payments now must go into an agency’s evaluation of the prime’s past performance in bidding contests. Primes are well advised to make sure their supply chain management is in order to minimize the additional obligations and risks confronting them should they fail to meet their obligations to their small business subs.
Continue Reading New FAR Changes Incentivize Prime Contractors Not to Be Deadbeats in Meeting Their Payment Obligations to Their Small Business Subcontractors

If you are aware of German Christmas folklore (and really, who isn’t?), you know that Belsnickel is a legendary companion of St. Nick who carries a switch with which to punish naughty children and a pocketful of sweets to reward good ones. This holiday season, many are feeling the sting of a switch of another kind, this one involving the December 20, 2016, issuing by the National Institute of Standards and Technology (NIST) of a preholiday revision of Special Publication 800-171 (SP 800-171), Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations. If SP 800-171 sounds familiar, it is because the publication is the source of the cybersecurity controls that defense contractors must follow and flow down to subcontractors pursuant to DFARS Subpart 204.73 and its operative clauses (e.g., DFARS 252.204-7008 and DFARS 252.204-7012). Essentially accompanying St. Nick (perhaps Santa Clause may be more appropriate) this season, the NIST’s revised publication may resemble Belsnickel’s switch (pun intended) to contractors who already have existing SP 800-171 controls in place (as the controls have been required, in various forms, since November 2013) or who have started down the road toward SP 800-171 adherence in advance of the DFARS-directed December 2017 deadline. With that in mind, let’s take a quick look at the implications that switch (pun still intended) brings to the security requirements for protecting the confidentiality of CUI in nonfederal systems and organizations:
Continue Reading Switches and Sweets: Belsnickel Brings Defense Contractors and Subcontractors New Cybersecurity Controls in Preholiday Revisions of NIST Cybersecurity Publication