On May 12, 2021, the Biden administration unveiled a rather expansive executive order intent on “Improving the Nation’s Cybersecurity.” The lengthy and sweeping order is a comprehensive national cybersecurity overhaul. In addition to requiring significant improvements to the cybersecurity posture of the Federal Civilian Executive Branch (FCEB) agencies, the order also prescribes:
Changes to DoD Regulations Banning Chinese Telecommunications Equipment and Services Offer Potential Opportunities for Contractors
The Department of Defense (DoD) has finalized regulations prohibiting the use of telecommunications equipment or services from Chinese entities or from entities that are owned or controlled by either the People’s Republic of China or the Russian Federation. The Final Rule, which went into effect on Friday, January 15, 2021, prohibits the DoD from buying or using banned telecommunications equipment and services that are a “substantial or essential component of any system” or that constitute a “critical technology.”
Gambling on Compliance? DOJ Updates the House Rules on Corporate Compliance Program Expectations
When entering a casino, professional gamblers understand that “the house doesn’t beat the player. It just gives him the opportunity to beat himself.” This axiom is precisely why in the long run casinos make money, while gamblers see their bank accounts dwindle. The same holds true in the corporate world with respect to the creation, implementation, and maintenance of compliance programs. A company gambling on its compliance obligations does so at its own peril and must understand exactly what the “House” expects. If it doesn’t, then that company may join the unfortunate few that roll the dice or spin the wheel and come up with snake eyes or double zeros. That risk is multiplied if the company betting on sufficient compliance is receiving federal dollars, where failure can lead to catastrophic civil and criminal liability. Fortunately, the United States Department of Justice (“DOJ”) has published its version of “House Rules” that it is supposed to consult when examining whether to investigate, prosecute, or settle criminal charges against a company. In this respect, DOJ prosecutors are tasked with looking at specific factors outlined in the “Principles of Federal Prosecution of Business Organizations” (“Principles”) section of the Justice Manual. Among other factors, these Principles instruct DOJ prosecutors to consider “the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision.” In furtherance of this mandate, the DOJ’s Criminal Division issued revised guidance on June 1, 2020, regarding the specific factors DOJ prosecutors should consider in making that evaluation. This updated version of the DOJ’s “Evaluation of Corporate Compliance Programs” (Guidance) clarifies and modifies certain areas of the version last updated in April 2019. Among other noteworthy revisions, the Guidance underscores the need for companies to ensure their corporate compliance program is:
The Evolution of Contract Financing: Resurrecting Performance-Based Payments Under Fixed-Price Contracts
Contracting with the Department of Defense (DoD) can provide healthy opportunities for businesses of all sizes. That said, it is no secret that contractors without the cash resources to finance their performance while awaiting payment from the Government may find themselves swallowed whole by their contractual obligations. Many defense contracts are long-term endeavors; consequently, a contractor’s sustainability and profitability can be impacted by the sapping of available manpower while also requiring significant capital investment to manage material, labor, overhead, and other expenses incurred when performing a contract. In many cases, the upfront financial investment required serves as a barrier to entry into the government marketplace for nontraditional defense contractors. However, the DoD has recently unearthed and reanimated one of the more impressive dinosaurs buried in the Federal Acquisition Regulation. Welcome to the world of performance-based payments (PBPs).
DoD CARES After All – New Cost Principle and DFARS Clause Implements CARES Act for Certain COVID-19 Costs
On April 8, 2020, the Department of Defense (“DoD”) issued a Class Deviation authorizing contracting officers to use a new cost principle – DFARS 231.205-79, CARES Act Section 3610 Implementation – to permit the reimbursement of certain leave-related costs incurred by contractors in accordance with Section 3610 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (Pub. L. 116-136). Additional clarification regarding the application of the new cost principle was issued on April 9, 2020, through the publication of a “living” FAQ document intended to answer critical questions for contractors. While the FAQ information does not clarify the Government’s position on all potential issues associated with the implementation of Section 3610, it does provide a blueprint that contractors seeking reimbursement should follow.
Cybersecurity Maturity Model Certification (CMMC) Version .6: Another Step on the Department of Defense’s Long and Winding Cybersecurity Road
There’s an often mistranslated Taoist adage that counsels “A journey of a thousand miles begins with a single step.” So it is presently with the Department of Defense’s (DoD’s) Cybersecurity Maturity Model Certification (CMMC), which continues its cybersecurity journey with the recently released update of standard CMMC .6.
Integrating Cybersecurity Into M&A Compliance Reviews: Avoiding Hidden Cyber Risks in the Acquisition of Government Contractors
So you want to acquire a government contractor? Makes sense, and you’re not alone. Over the past few years, the federal contracting landscape has continued to evolve as a result of mergers and acquisitions (M&A), primarily involving the acquisition of small and midsize contractors by larger entities as a means to quickly expand into new federal markets. This trend is especially prevalent in the information technology (IT) market, where the acquisition of small or midsize IT firms with new capabilities can provide larger firms with shiny new toys to share with their roster of government clients to gain a larger share of the federal IT “pie,” if not create—almost overnight—new IT market leaders in areas such as cloud computing, cybersecurity, software, and predictive intelligence.…
Let Me Clear My Throat: DCAA Course Corrects on “Expressly Unallowable” Costs
Cough…cough…ahem…cough… Any contractor who has had the misfortune of dealing with the Defense Contract Audit Agency (DCAA) likely knows all too well that the agency is the Will Rogers of costs – it never met a cost it didn’t question. Indeed, DCAA auditors typically question costs with reckless abandon and based often on a patent misreading of applicable regulations. The net effect, of course, is that contractors have to expend significant time and money trying to explain to boards and courts why DCAA’s auditors are…uh…incorrect as a matter of fact and law. A recent Memorandum for Regional Directors (MRD) provides some transparency into why this sort of thing happens with unfortunate regularity. Issued on May 14, 2019, the MRD (No. 19-PAC-002(R)), corrects…er…“revises” internal guidance issued in 2014 and 2015 relating to the identification of expressly unallowable costs. The newly issued memo sets out DCAA’s current stance on identifying expressly unallowable costs under the cost principles codified at Federal Acquisition Regulation (FAR) Part 31 and Defense Federal Acquisition Regulation Supplement (DFARS) Part 231. This MRD – like all MRDs – is intended to be used as a tool by well-meaning (but often overzealous) auditors when reviewing a contractor’s compliance with federal cost principles. Contractors should, thus, pay careful attention to this MRD in order to be prepared for questions that may arise during DCAA-led frolics and detours.
Never Stop Never Stopping: Defense Department Quietly Unveils Proposed Cybersecurity Maturity Model Certification Standards and Confirms the Allowability of Certain Cybersecurity Costs
Cybersecurity. It’s never over, is it? In what can only be described as a “soft” release, the Department of Defense (DoD) has slowly and quietly begun to reveal its intent to provide federal contractors with formal cybersecurity certification as early as next year. The program, known as the Cybersecurity Maturity Model Certification (CMMC), is an effort to streamline the acquisition process by providing acquiring agencies and consenting contractors with more exacting cybersecurity requirements for forthcoming acquisitions.
The Russian Exorcism of US Gov’t Contracts
The Demon: What an excellent day for an exorcism.
Father Karras: You would like that?
The Demon: Intensely.
Honestly, it was challenging finding an all-audiences quote from William Peter Blatty’s “The Exorcist,” but we believe that this quote is exactly what federal contractors need to know. Today is indeed an excellent day for an information system exorcism and, unlike Father Karras, federal contractors know the name of that which they must purge: Kaspersky Lab.…