Federal Contracting

Subscribe to Federal Contracting via RSS

The Federal Acquisition Service (FAS) of the General Services Administration (GSA) revealed on October 17, 2025, that it will issue a Multiple Award Schedule (MAS) Solicitation 47QSMD20R0001 “refresh” sometime in November 2025. While GSA allowed the contracting community 10 business days to submit comments—until October 31, 2025—as MAS contract holders know, GSA issues refreshes from time to time so that changes are made uniformly in recognition of shifts in policy, regulations, or statutes. Administering MAS contracts in this way allows GSA to curate terms in a consistent manner for contractual vehicles at all stages of performance, as contractors perform orders at different times.Continue Reading Total GSA Schedule Makeover: Incoming Mass Mod Not Merely a Refresh

The DoD has finally crossed the CMMC finish line, but for contractors, the race is just beginning. With the Final Rule effective Nov. 10, award eligibility will hinge on a “current” CMMC status in SPRS, backed by annual affirmations and strict compliance. The next two months are critical for getting race-ready. In this Featured Comment

Government procurement is essential to modern governance. But when firms rig bids, allocate markets, or otherwise collude, taxpayers pay more, honest competitors are shut out, and trust erodes. In recent months, US agencies have continued to emphasize the importance of fair competition in government procurement, scrutinizing regulations that may favor incumbents or unfairly limit competition and expanding whistleblower options.Continue Reading Rigging the Game? Antitrust Risks in the Public Contracting Arena

Ding ding.” – Apollo Creed,
Rocky III

September 30. All (most?) federal years end the same way, at least on paper—like a prizefight, with the clock ticking down; an agitated, uncertain crowd; a lot of money on the table; and a ref capable of stopping the match at any moment. This year will be at once both no different and a completely different beast. With ever-recent uncertainty surrounding appropriations, continuing-resolution (CR) risk, evolving Federal Acquisition Regulation (FAR) language, the tightening screws of cyber attestations, industry supply-chain and acquisition changes, and grant closeouts that always take longer than you’d think, September is not a month for contractor improvisation. It’s a month when a dedicated corner team, a game plan, and crisp execution all are paramount.Continue Reading And in This Corner … the Sweet Science of Federal Contracting’s Year-End

For those who grew up gripping a joystick and dodging alien fire in Defender, riding ostriches through floating platforms in Joust, or crossing a hectic freeway in Frogger, winning wasn’t about memorizing rules; it was about adapting fast, reading the patterns, and leveling up. That same urgency now applies to federal information and communication technology (ICT) contractors. A sweeping overhaul of FAR Part 39 has just been released, and while it may not blink and beep like a cabinet in a darkened arcade, it’s just as demanding. There’s no attract mode here. The game has already started.Continue Reading FAR 2.0 Part 39 in Arcade Mode—How Federal IT Acquisition Just Hit Reset

On June 6, 2025, President Trump issued a new executive order, “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity and Amending Executive Order 13694 and Executive Order 14144” (EO), signaling the construction of a fortified cyber defense across federal operations. This directive updates the nation’s digital stronghold, modernizing risk management, defending against quantum and artificial intelligence (AI) threats, and drawing sharper lines in the battle against foreign cyber adversaries. For technology companies and federal suppliers, this is a clarion call to reinforce their digital walls and sharpen their defenses. Agencies will soon build these secure-by-design principles into every contract and procurement decision. In this era of fortress-building, failing to meet these standards not only will leave your gates unguarded but also could bar you from the entire federal marketplace. The EO may read like ordinary policy, but don’t be misled: It’s a direct command for companies to strengthen their cyber defenses or be locked out of federal opportunities altogether.Continue Reading Building the Cyber Fortress: New Cybersecurity Executive Order Targets Quantum, AI, and Supply Chain Security

In Part I of this series we introduced readers to what Controlled Unclassified Information (CUI) is understood to consist of under the CUI Program at 32 CFR pt. 2002, differentiating and safeguarding CUI, CUI Program Authority and Control, and CUI policy as promulgated under the U.S. Department of Defense CUI Program. (See 66 GC ¶

The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) Program will become operational at some point in fiscal year 2025. In October, the DOD issued a Final Rule to address evolving cybersecurity requirements and cyber threats while defining the security controls that DOD intends defense contractors and subcontractors to implement. The program will require

Over the course of the past few years, gallons of ink have been spilled addressing the seemingly ever-pending US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program. After keeping us waiting for years, it finally arrived when, on October 15, 2024, DoD published its Final Rule to establish the CMMC Program. See 89 Fed. Reg. 83092 (Oct. 15, 2024). Effective December 16, 2024, the Rule will require certain defense contractors to have implemented security measures to achieve a particular CMMC level necessary to safeguard Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) as a condition of contract award. Codified at 34 C.F.R. Part 170, the CMMC Program will be augmented by a separate proposed acquisition rule to add a new 48 C.F.R. Part 204, amending the Defense Federal Acquisition Regulation Supplement (DFARS) to address procurement considerations related to the CMMC Program, including allowing DoD to require a specific CMMC level in a solicitation or contract. See 89 Fed. Reg. 66327 (Aug. 15, 2024) or our analyses here and here. The date when that DFARS clause will become final is still unclear, but most suspect it will be soon.Continue Reading A Standard on Many Levels: A Look at CMMC 2.0 in Final