China dominates the rare earth industry, accounting for approximately 60 percent of rare earth metal mining and approximately 90 percent of rare earth metal processing in 2023. In order to combat this near-monopoly and to limit supply chain vulnerabilities and risk to the US defense industry, a final Defense Federal Acquisition Regulation Supplement (DFARS) rule, published May 30, 2024, applies broader sourcing prohibitions to the language of DFARS 225.7018 and operative clause DFARS 252.225-7052 to prohibit the use and acquisition of magnets mined in China as of January 1, 2027.
Continue Reading DOD Releases Final Rule Prohibiting the Acquisition of Certain Magnets from Nonaligned Foreign NationsCISA’s CIRCIA Proposed Rule: Another Player Enters the Reporting Regime
Cyber incidents involving critical infrastructure pose a serious risk to the US. In March 2024, the Environmental Protection Agency and the National Security Advisor warned state governors about potential attacks on drinking water and wastewater facilities by specific Iran- and China-aligned hackers. The following month (on April 4, 2024), in an attempt to prepare for such attacks and otherwise improve the federal government’s ability to collect and analyze data related to cyber incidents on critical infrastructure, the Cybersecurity and Infrastructure Security Agency (CISA) issued a proposed rule to implement cyber incident reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Enacted in an omnibus appropriation, CIRCIA directed CISA to issue rulemaking requiring the reporting of cyber incidents or the payment of ransoms in response to cyberattacks affecting critical infrastructure.
Continue Reading CISA’s CIRCIA Proposed Rule: Another Player Enters the Reporting RegimeNIST SP 800-171 Revision 3 Goes Final: Who’s Down with ODP?
“Arm me with harmony.” – Treach, Naughty By Nature[1]
On May 14, 2024, the National Institute of Standards and Technology (NIST) dropped the third remix…er, revision…of its Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” It even came with a critical sidekick in the form of the companion assessment guide, “NIST SP 800-171A, Revision 3,” which gives organizations the necessary lowdown on “assessment procedures and methodologies” to check if they’re playing by NIST SP 800-171’s rules. Over a year in the making after previous releases in May and November of 2023, NIST’s finalized revision takes inspiration from industry by laying down the cybersecurity rules that contractors should expect to follow when handling Controlled Unclassified Information (CUI) for the US Department of Defense (DoD). While DoD isn’t requiring contractors who handle CUI to roll with Rev. 3 just yet, contractors can expect that DoD will eventually bring Rev. 3 into the mix for DFARS 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting” (DFARS 7012), and will be harmonizing it with the upcoming Cyber Maturity Model Certification (CMMC) program at some point soon.
Continue Reading NIST SP 800-171 Revision 3 Goes Final: Who’s Down with ODP?Supply Chain Checkup: FAR Council Announces New Rulemaking Focused on Prohibiting Certain Semiconductor Acquisitions
If you happen to be a government contractor and are contemplating additions to your Summer reading list, consider adding the FAR Council’s May 3, 2024 advanced notice of proposed rulemaking (“ANPR”) to the mix. The ANPR, which was issued in furtherance of implementing Section 5949 of the FY 2023 National Defense Authorization Act (“NDAA”), contemplates various forthcoming changes to the FAR, all of which focus on banning agencies from purchasing certain products or services that contain or otherwise utilize semiconductors that are produced, designed, or provided by three Chinese entities and their subsidiaries, affiliates, or successors: Semiconductor Manufacturing International Corporation (“SMIC”), ChangXin Memory Technologies (“CXMT”), and Yangtze Memory Technologies Corp. (“YMTC”). In addition, the FAR will likely be amended to prohibit the acquisition of semiconductor products or services from any entity that is owned, controlled by, or otherwise connected to China, North Korea, Iran, Russia and any other “foreign country of concern” – a designation to be determined by the Secretary of Defense or the Secretary of Commerce, in consultation with the Director of National Intelligence or the Director of the Federal Bureau of Investigation.
Continue Reading Supply Chain Checkup: FAR Council Announces New Rulemaking Focused on Prohibiting Certain Semiconductor AcquisitionsHHS Issues Final Rule Strengthening HIPAA Protections for Reproductive Healthcare
On April 22, 2024, the Department of Health and Human Services (HHS) announced a Final Rule titled HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule strengthens the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by prohibiting disclosure of protected health information (PHI) related to lawful reproductive health care under certain circumstances. The Final Rule is designed to promote high-quality health care by fostering trust and communication between individuals and their health care providers.
ONC Shares Draft Federal Health IT Strategic Plan—A Catalyst for Private Entities
In March 2024, the Department of Health and Human Services—through the Office of the National Coordinator for Health IT (ONC)—released a draft 2024-2030 Federal Health IT Strategic Plan for public comment. A collaborative effort between ONC and more than two dozen federal agencies, the plan outlines federal health information technology (health IT) goals and objectives, focusing on improving access to health data, delivering better and more equitable care, and modernizing the nation’s public health data infrastructure. More than just a roadmap of federal government priorities, the plan is also intended to catalyze the private sector.
Executive Order 14410: An Artificial Intelligence Odyssey
What do you think is going to be scarier—artificial intelligence (AI) or the government’s effort to regulate AI? On October 30, 2023, the White House issued Executive Order (E.O.) 14410, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. As the federal government’s latest foray into harnessing AI, this E.O.—like those before it, generally—recognizes that AI offers extraordinary potential and promise, provided that it is harnessed responsibly to prevent the exacerbation of societal harms. Since E.O. 14410, there has been a flurry of activity in the federal government, including guidance and policies providing an indication of how agencies can/should/will harness AI to support agency objectives. While we are far from a situation similar to Skynet from the Terminator franchise or HAL 9000 from 2001: A Space Odyssey, the government’s accelerated activity to reap AI’s potential benefits far outpaces the provision of actionable guidance so contractors can understand and adapt to what will be required in offering AI products and services to the government. So let’s open the pod bay doors and explore…
Continue Reading Executive Order 14410: An Artificial Intelligence OdysseyDoD’s Proposed CMMC Rule: Groundhog Day… or a Final Rule in the Works?
On December 26, 2023, the Department of Defense (“DoD”) belatedly gifted defense contractors and subcontractors a Proposed Rule on the Cybersecurity Maturity Model Certification (“CMMC”) Program. DoD also released eight CMMC guidance documents, providing interested parties a one-two combo of what to expect under the Program. The Proposed Rule has already received over 100 comments. With commenting open until February 26, 2024, will DoD proceed with a final rule, or is the Proposed Rule a Groundhog Day scenario with DoD further delaying final implementation of the CMMC Program?
Continue Reading DoD’s Proposed CMMC Rule: Groundhog Day… or a Final Rule in the Works?The Whole Buffet: Contractors’ Obligations And Sources’ Rights Under The Federal Acquisition Supply Chain Security Act
Alex Major and Marcos Gonzalez discuss the Federal Acquisition Supply Chain Security Act and how it affects contractors in this featured comment for the Government Contractor.
Good Tidings: OMB Wishes Contractors a Happy Holidays with Updated Guidance on Implementation of Build America, Buy America Requirements
Cara Wulf and Marcos Gonzalez provide an overview of Build America, Buy America Act domestic sourcing requirements and discuss the most recent Final Rule issued by the OMB in this feature comment for The Government Contractor.